General
-
Target
97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
-
Size
685KB
-
Sample
210228-q1h3ewd28e
-
MD5
59b083bb93311967ade4787a38a71da4
-
SHA1
2ccc0033adcb96f52aa0af850480465b62a76b0f
-
SHA256
97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
-
SHA512
be8afed68c25c32c621a12f6a08450aafaf8fd9f90593dcf74a9ef0597b2a178d81b9a99c2e224adfe88c5052c7359a58d2324b8f36cdbd6717eaeb507b246a9
Behavioral task
behavioral1
Sample
97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521.exe
Resource
win10v20201028
Malware Config
Extracted
darkcomet
Sazan
marbeyli.duckdns.org:1604
DC_MUTEX-LE9EE3D
-
InstallPath
MSDCSC\svchost.exe
-
gencode
w1S5jibwxNoa
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
-
Size
685KB
-
MD5
59b083bb93311967ade4787a38a71da4
-
SHA1
2ccc0033adcb96f52aa0af850480465b62a76b0f
-
SHA256
97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
-
SHA512
be8afed68c25c32c621a12f6a08450aafaf8fd9f90593dcf74a9ef0597b2a178d81b9a99c2e224adfe88c5052c7359a58d2324b8f36cdbd6717eaeb507b246a9
Score 10/10
Modifies WinLogon for persistence
-
Adds Run key to start application
-