General
Target: ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910
Size: 1.9MB
Sample: 220524-c9sxsagcfm
MD5: 5b6b3ee51c768d0c335799d16e85f5b1
SHA1: 604c648cffb3e2e9fb0d3712bf341bb577c8cb81
SHA256: ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910
SHA512: df0de18365acdb919ed044f399e71670157227d6e2dc0fb0425741017650c769dbcd1fb87c2259067905379afca520708a28f9d9dabe528901d2c8d64f907f96
Static task: static1
Behavioral task: behavioral1
Sample: ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910.exe
Resource: win7-20220414-en
Malware Config
Extracted
darkcomet
Sazan
denemekerem.duckdns.org:1604
DC_MUTEX-X97JXCQ
InstallPath: MSDCSC\msdcsc.exe
gencode: ismgUn3CHFuf
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Drops file in System32 directory
Suspicious use of SetThreadContext