General
Target: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6
Size: 716KB
Sample: 210903-k3cwzsgadk
MD5: 0bb1cb742eaddbad11d9e96993fb23d7
SHA1: 07437ed6538dfebb78a0367d002cd9212c68f6f0
SHA256: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6
SHA512: fc111533d4d6d97c6466e2564c865eb8d6e839cb79f8629feed2a794dfa7c83c096a8be2879e7f8287d5719045eb0751a0776a70583ed1b5ae07f3512ba31613
Static task: static1
Behavioral task: behavioral1
Sample: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6.exe
Resource: win10-en
Malware Config
Extracted: metasploit
Family: metasploit_stager
C2: 192.168.1.10:1604
Extracted: darkcomet
Campaign ID: Guest16
C2: 127.0.0.1:1604
Mutex: DC_MUTEX-LDXAQCA
InstallPath: MSDCSC\msdcsc.exe
gencode: uT8Um6D8y43p
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6
Size: 716KB
MD5: 0bb1cb742eaddbad11d9e96993fb23d7
SHA1: 07437ed6538dfebb78a0367d002cd9212c68f6f0
SHA256: b13b73296a76348fa21f9d6120e93b0e6788dd1e0ffe245c23313384db089fd6
SHA512: fc111533d4d6d97c6466e2564c865eb8d6e839cb79f8629feed2a794dfa7c83c096a8be2879e7f8287d5719045eb0751a0776a70583ed1b5ae07f3512ba31613
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application