General

Target: a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb
Size: 658KB
Sample: 210505-p2pav7g8lx
MD5: f0016753a0f7d4a77577219f32cbe1a3
SHA1: 8cf1834af6492053e1d52c202e2f447978d36898
SHA256: a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb
SHA512: 285ddc39de01fb5b57ef95102cfb085847274b41a91b90de6c01dfa3f0c553f3c5968750cd9577f681eed7b18ca23530c2a186821b28468665078ad9c76f1c8a
Static task: static1
Behavioral task: behavioral1 (sample: a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb.exe, resource: win7v20210408)
Behavioral task: behavioral2 (sample: a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb.exe, resource: win10v20210410)
Malware Config

Extracted
Family: darkcomet
Botnet: Junior_Sazan
C2: tcp.ngrok.io:1604
Mutex: DCMIN_MUTEX-TGBV1JW
InstallPath: DCSCMIN\IMDCSC.exe
gencode: DYogjpAqTBHJ
install: true
offline_keylogger: true
persistence: false
reg_key: Windows Defender
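The config block above is the output of a DarkComet config decoder. As an added example that is not part of this report (my code, not the sandbox's and not a public extractor's), the following Python reconstructs that step and turns the fields into host IOCs: it RC4-decrypts a DCDATA-style blob by trying the per-version keys that public DarkComet extractors use, parses the KEY={value} lines, and sweeps constructed host observations for the Run value name, the mutex and the C2 endpoint. Assumptions: the ciphertext is built by the script itself from the values shown above (it is not the sample's real resource); the mapping of the report's field names to builder keys (install to INSTALL, offline_keylogger to OFFLINEK, persistence to PERSINST, reg_key to KEYNAME, InstallPath to EDTPATH); and that "persistence: false" refers to the builder's process re-spawn option rather than registry autostart, which is why a Run value named "Windows Defender" is still written when install is true.

```python
"""Decrypt and parse a DarkComet-style config, then derive host IOCs.

Added example; not from the sandbox report or from DarkComet. The ciphertext
is CONSTRUCTED here from the report's values, not taken from the sample.
"""

# Per-version RC4 keys tried by public extractors, newest first (assumption).
DARKCOMET_KEYS = [
    "#KCMDDC51#-890", "#KCMDDC5#-890", "#KCMDDC42F#-890",
    "#KCMDDC42#-890", "#KCMDDC4#-890", "#KCMDDC2#-890",
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so it both builds and decrypts the blob."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Constructed plaintext mirroring the report (field-name mapping is an assumption).
_CONSTRUCTED_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DCMIN_MUTEX-TGBV1JW}\r\nSID={Junior_Sazan}\r\n"
    "NETDATA={tcp.ngrok.io:1604}\r\nGENCODE={DYogjpAqTBHJ}\r\n"
    "INSTALL={1}\r\nEDTPATH={DCSCMIN\\IMDCSC.exe}\r\n"
    "KEYNAME={Windows Defender}\r\nPERSINST={0}\r\nOFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
# DarkComet keeps the RC4 output hex-encoded in its DCDATA resource.
SAMPLE_DCDATA_HEX = rc4(b"#KCMDDC51#-890", _CONSTRUCTED_PLAINTEXT.encode("latin-1")).hex().upper()


def parse_config(text: str) -> dict:
    """Parse KEY={value} lines; the braces are part of the on-disk format."""
    fields = {}
    for line in text.splitlines():
        if "=" in line and line.endswith("}"):
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()[1:-1]
    return fields


def decrypt_config(dcdata_hex: str, keys=DARKCOMET_KEYS):
    """Try each version key; accept the first plaintext with the config header."""
    blob = bytes.fromhex(dcdata_hex)
    for key in keys:
        plain = rc4(key.encode(), blob)
        if plain.startswith(b"#BEGIN DARKCOMET DATA"):
            return key, parse_config(plain.decode("latin-1"))
    raise ValueError("no known DarkComet key decrypts this blob")


def derive_iocs(cfg: dict) -> dict:
    """Turn builder fields into the artifacts a responder sweeps for."""
    c2 = []
    for endpoint in cfg.get("NETDATA", "").split("|"):  # multi-C2 uses '|'
        host, _, port = endpoint.rpartition(":")
        if host and port.isdigit():
            c2.append((host, int(port)))
    return {
        "botnet_id": cfg.get("SID"),
        "mutex": cfg.get("MUTEX"),
        "c2": c2,
        "run_key_value_name": cfg.get("KEYNAME"),       # Run value name
        "install_path_suffix": cfg.get("EDTPATH"),      # relative to drop dir
        "installs": cfg.get("INSTALL") == "1",
        "process_watchdog": cfg.get("PERSINST") == "1",  # re-spawn option (assumption)
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
    }


# Constructed host observations for the sweep (not from the report).
HOST_RUN_VALUES = {
    "OneDrive": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    "Windows Defender": r"C:\Users\victim\Documents\DCSCMIN\IMDCSC.exe",
}
HOST_MUTEXES = ["Local\\Session1Mutex", "DCMIN_MUTEX-TGBV1JW"]
HOST_CONNECTIONS = [("203.0.113.9", 443), ("tcp.ngrok.io", 1604)]


def match_host_artifacts(iocs, run_values, mutexes, connections):
    """Return (kind, value, detail) for every host observation matching an IOC."""
    hits = []
    suffix = (iocs["install_path_suffix"] or "").lower()
    for name, cmd in run_values.items():
        if name == iocs["run_key_value_name"] or (suffix and cmd.lower().endswith(suffix)):
            hits.append(("run_key", name, cmd))
    hits += [("mutex", m, None) for m in mutexes if m == iocs["mutex"]]
    hits += [("c2", h, p) for h, p in connections if (h, p) in iocs["c2"]]
    return hits
```

Port 1604 is DarkComet's default listener port. Because the C2 here is a tcp.ngrok.io tunnel, the IP it resolves to belongs to shared ngrok infrastructure, so treat the hostname and port pair, not the IP alone, as the indicator; the Run value name and mutex are the more stable host-side artifacts.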
Targets

Target: a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application