General
- Target: stub.exe.exe
- Size: 757KB
- Sample: 210816-67c9y5kzv2
- MD5: 35669b181b62e75b0fb238afbab305d7
- SHA1: 7a04940ca263d45ec1c260f51f3038f226e0f9c8
- SHA256: b8484d64fd65294b2c0b8ce8a6edff10306c9d3a171c9a4f11a8a0286018729e
- SHA512: cb09dfd25eafa2f623db2cf49a93791d29f0ac2f36ead11b73b8c1b3be307aec7e33655b027dc1b0b0604a8bdaaa711fddefb77c5fc7603092c8da645464b4b1
Malware Config
Extracted:
- darkcomet
- Guest16
- 127.0.0.1:1604
- DC_MUTEX-WTBJHDT
- InstallPath: MSDCSC\msdcsc.exe
- gencode: GRgViYo3LNsE
- install: true
- offline_keylogger: true
- password: 1234567890
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: stub.exe.exe
  - Modifies WinLogon for persistence
  - Modifies firewall policy service
  - Modifies security service
  - Disables RegEdit via registry modification
  - Disables Task Manager via registry modification
  - Executes dropped EXE
  - Deletes itself
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext