General
-
Target
44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
-
Size
1.6MB
-
Sample
210515-lt2t7v2mcx
-
MD5
49ad81fde492c509161ed75c94e61633
-
SHA1
0c494c7a110022d19808f6e4dbc9e3e103c912c6
-
SHA256
44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
-
SHA512
08a795ebed9cf08b913f781b866b3e8e0e6cb854e5d224981cb821f2afaea8b9013a1412a266b321f32fcbadd6a12d2018a8cd9f7b9a5843ff7421ec76e97520
Static task
static1
Behavioral task
behavioral1
Sample
44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6.exe
Resource
win10v20210410
Malware Config
Extracted
darkcomet
0006285155275
wsws.myftp.org:2222
DC_MUTEX-HB8VFRH
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
GixsKsK0q5Nb
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application