General
-
Target
PCS.exe
-
Size
11.1MB
-
Sample
210811-wqxhhspjjs
-
MD5
96e9564254f0acc6aa656cb56ab0e94d
-
SHA1
b0d63f3ce6bb82c649cbc7a17df774acbf23477d
-
SHA256
1a722652518e589be34613b12d419efee2235ff0b0a37556fbb9cda5eb27b1d2
-
SHA512
69d05b841c558dfe8f8ad8527e8f9450e68becf50bd0d89e372d8cc8b61770bad6d3a94b22ca858829a613d8c563519d0cc92d13f918274ecacb46799e1103d8
Static task
static1
Behavioral task
behavioral1
Sample
PCS.exe
Resource
win7v20210410
Malware Config
Extracted
darkcomet
Guest16
onlinebonjour1pt.ddns.net:1605
DC_MUTEX-XJRH105
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
TeN3mNbzDY1b
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Microdapt
Targets
-
-
Target
PCS.exe
-
Size
11.1MB
-
MD5
96e9564254f0acc6aa656cb56ab0e94d
-
SHA1
b0d63f3ce6bb82c649cbc7a17df774acbf23477d
-
SHA256
1a722652518e589be34613b12d419efee2235ff0b0a37556fbb9cda5eb27b1d2
-
SHA512
69d05b841c558dfe8f8ad8527e8f9450e68becf50bd0d89e372d8cc8b61770bad6d3a94b22ca858829a613d8c563519d0cc92d13f918274ecacb46799e1103d8
-
Modifies WinLogon for persistence
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-