General
Target: Подключение к Cheater HAer VPsu202epdr.exe
Size: 1.2MB
Sample: 210429-vp1d4l6sg6
MD5: 89819d45a907c55d273e9d4e2a64f2a9
SHA1: 18db069eb82c31af3cb577ea392e4b42775d37f4
SHA256: e50cf3f7139ac7f4924b835334a98f7c426b66d0d19e986d885bd4080433d7bd
SHA512: bb2eee52e673c8e2ae44c60f0df8dc69890df2108f5278f1928f207055d5e8660fd8d8eaab9d67ee3ed950574184cbc94af77d831b601323afc31d715b9ec248
Static task: static1
Behavioral task: behavioral1
  Sample: Подключение к Cheater HAer VPsu202epdr.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Подключение к Cheater HAer VPsu202epdr.exe
  Resource: win10v20210410
Malware Config
Extracted: darkcomet
Guest16
radgoodnow.mooo.com:7777
DC_MUTEX-0E720ZB
InstallPath: MSDCSC\msdcsc.exe
gencode: ReysmuLVc5ah
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: Подключение к Cheater HAer VPsu202epdr.exe
Size: 1.2MB (MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
Signatures:
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext