General
-
Target
a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
-
Size
900KB
-
Sample
220521-ethszshfh4
-
MD5
3d1fcc93b49eaaef35bb1f99db7db42b
-
SHA1
5aefd3d81e389bbcb23f91f1f3092c079a510089
-
SHA256
a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
-
SHA512
b2f9a734dcfe155f2af62ca7b1d8908b41203bac98d37f6fb5e9f9581d5678c02033a93fc363841cedf2a15361a77a395d9bb92e0efb5c0d7bcf6eba09948228
Static task
static1
Behavioral task
behavioral1
Sample
a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
darkcomet
1
hackportals.ddns.net:1604
DC_MUTEX-B362LA5
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
YCkRrhsri4SH
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
-
Score
10/10
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-