General
Target: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf
Size: 807KB
Sample: 210930-nnv1sshdh3
MD5: 1b65c2a3c7627597b54d16d3f1b80418
SHA1: 383a0d1115b33a50e7c8e9875155e9033a37c8c0
SHA256: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf
SHA512: b7ae5b9df4758c5638a332a8896292aa0e567f0253fd8f4bbb178feb0544085889972605b49baf1e8432ab944881aad69d64a9d64968a89dee2a7ab3b9abd381
Behavioral task
Task: behavioral1
Sample: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf.exe
Resource (analysis VM image): win7v20210408
Malware Config
Extracted family: darkcomet
Botnet: Sazan
C2: 0.tcp.ngrok.io:14298
Mutex: DC_MUTEX-03KLHJJ
InstallPath: MSDCSC\msdcsc.exe
gencode: JmWdVpbgJaAR
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

Note on the C2: 0.tcp.ngrok.io is an ngrok TCP tunnel endpoint, so the operator's real host sits behind ngrok and the hostname/port pair can be torn down and reassigned at any time. Treat it as a short-lived indicator and pivot on the more stable host artifacts (the mutex name, the MSDCSC\msdcsc.exe install path and the MicroUpdate Run value) rather than on the tunnel address alone.
Targets
Target: 2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf (807KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures (behavioral1):
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
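The following script is an added example and is not part of the sandbox report or the sandbox's own tooling. It turns the extracted config and the signature list above into concrete matching logic: file identification by the four listed hashes, and classification of host events (registry writes, mutex creation, outbound connections) against the C2, mutex, install path and Run value from the config. The event line format, the registry value names behind the signature titles (the standard Windows Run key, Policies\System DisableTaskMgr / DisableRegistryTools and Winlogon Userinit values) and the sample events are assumptions constructed for illustration; the report itself lists only the signature titles.

```python
"""Added example (not part of the sandbox report): match host events against the
DarkComet indicators extracted above. The event format and the registry value
names behind the report's signature titles are assumptions, not report output."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators taken from the report's "Malware Config" block.
DARKCOMET_CONFIG = {
    "c2_host": "0.tcp.ngrok.io",
    "c2_port": 14298,
    "mutex": "DC_MUTEX-03KLHJJ",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# File hashes taken from the report's "General" block.
KNOWN_HASHES = {
    "md5": "1b65c2a3c7627597b54d16d3f1b80418",
    "sha1": "383a0d1115b33a50e7c8e9875155e9033a37c8c0",
    "sha256": "2e15ef27dc6e9b414c7cb2cf9ae5ce50f13f889461442c33f3128b569ede31bf",
    "sha512": "b7ae5b9df4758c5638a332a8896292aa0e567f0253fd8f4bbb178feb0544085889972605b49baf1e8432ab944881aad69d64a9d64968a89dee2a7ab3b9abd381",
}

# Assumed registry locations behind the signature titles (standard Windows
# Run / Policies\System / Winlogon values); the report lists only the titles.
RUN_KEY_SUFFIX = r"\currentversion\run"
POLICY_KEY_SUFFIX = r"\policies\system"
WINLOGON_KEY_SUFFIX = r"\winlogon"

# Assumed event line format: TYPE followed by quoted key="value" fields.
EVENT_RE = re.compile(r"^(?P<type>[A-Z_]+)\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hash file bytes with the same four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only if all four digests match, so one weak-hash collision is not enough."""
    return hash_bytes(data) == KNOWN_HASHES


def parse_event(line: str) -> Tuple[str, Dict[str, str]]:
    """Split one event line into its type and a dict of its quoted fields."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return "", {}
    return m.group("type"), dict(FIELD_RE.findall(m.group("fields")))


def classify_event(line: str) -> List[str]:
    """Return the report signature titles (or config indicators) one event matches."""
    cfg = DARKCOMET_CONFIG
    etype, f = parse_event(line)
    hits: List[str] = []
    if etype == "REG_SET":
        key = f.get("key", "").lower()
        value, data = f.get("value", ""), f.get("data", "")
        install_in_data = cfg["install_path"].lower() in data.lower()
        if key.endswith(RUN_KEY_SUFFIX) and (value == cfg["reg_key"] or install_in_data):
            hits.append("Adds Run key to start application")
        if key.endswith(POLICY_KEY_SUFFIX) and data == "1":
            if value == "DisableTaskMgr":
                hits.append("Disables Task Manager via registry modification")
            elif value == "DisableRegistryTools":
                hits.append("Disables RegEdit via registry modification")
        if key.endswith(WINLOGON_KEY_SUFFIX) and value == "Userinit" and install_in_data:
            hits.append("Modifies WinLogon for persistence")
    elif etype == "MUTEX" and f.get("name") == cfg["mutex"]:
        hits.append("Creates DarkComet mutex " + cfg["mutex"])
    elif (etype == "CONNECT" and f.get("host", "").lower() == cfg["c2_host"]
          and f.get("port") == str(cfg["c2_port"])):
        hits.append("Connects to C2 %s:%d" % (cfg["c2_host"], cfg["c2_port"]))
    return hits


def scan_events(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Run every event through classify_event and pair each hit with its line."""
    return [(hit, line.strip()) for line in lines for hit in classify_event(line)]


# Constructed sample events (not sandbox output), shaped after the report's signatures.
SAMPLE_EVENTS = [
    'MUTEX name="DC_MUTEX-03KLHJJ"',
    'REG_SET key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" value="MicroUpdate" data="C:\\Users\\user\\Documents\\MSDCSC\\msdcsc.exe"',
    'REG_SET key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" value="DisableTaskMgr" data="1"',
    'REG_SET key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" value="DisableRegistryTools" data="1"',
    'REG_SET key="HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" value="Userinit" data="C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\Documents\\MSDCSC\\msdcsc.exe"',
    'CONNECT host="0.tcp.ngrok.io" port="14298"',
    'REG_SET key="HKCU\\Software\\Example" value="Setting" data="benign"',
    'CONNECT host="example.com" port="443"',
]

if __name__ == "__main__":
    for hit, line in scan_events(SAMPLE_EVENTS):
        print(f"{hit}: {line}")
```

Run as-is it prints one line per matched event; the two benign events at the end produce nothing. Only the registry, mutex and connection checks are expressible from this report; "Modifies firewall policy service", "Modifies security service", "Executes dropped EXE", "Loads dropped DLL" and "Suspicious use of SetThreadContext" would need service-control, process and API-call telemetry that the report does not detail, so they are deliberately left out rather than guessed.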