General
Target: 5f8746c22ef36acbab6318006dd80d658b6a5c7b7caca041dd6ea9869d8e7b01
Size: 252KB
Sample: 220731-nezmmaefhp
MD5: 212e9f90a1b76a6c8d2ec81dd884e03b
SHA1: e1d77698f3776e48f32780ef00f171a06b97715e
SHA256: 5f8746c22ef36acbab6318006dd80d658b6a5c7b7caca041dd6ea9869d8e7b01
SHA512: 2886906a394aaee2897e6c7d3597fe8123da59f33e9030de3a5d411c29b6add0c25f53859f7b85c7a986c1ed1a4d908405269098a9f8f7bd8e36dcf8b968b2df
Behavioral task: behavioral1
Sample: 5f8746c22ef36acbab6318006dd80d658b6a5c7b7caca041dd6ea9869d8e7b01.exe
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 5f8746c22ef36acbab6318006dd80d658b6a5c7b7caca041dd6ea9869d8e7b01.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted:
- darkcomet
- Guest16
- cometka321.ddns.net:1604
- DC_MUTEX-JZ5G2G4
InstallPath: Windows\msdcsc.exe
gencode: TjzE59HsqfK5
install: true
offline_keylogger: true
persistence: true
reg_key: WindowsUpdate
Targets
Target: 5f8746c22ef36acbab6318006dd80d658b6a5c7b7caca041dd6ea9869d8e7b01
Size: 252KB
MD5: 212e9f90a1b76a6c8d2ec81dd884e03b
SHA1: e1d77698f3776e48f32780ef00f171a06b97715e
SHA256: 5f8746c22ef36acbab6318006dd80d658b6a5c7b7caca041dd6ea9869d8e7b01
SHA512: 2886906a394aaee2897e6c7d3597fe8123da59f33e9030de3a5d411c29b6add0c25f53859f7b85c7a986c1ed1a4d908405269098a9f8f7bd8e36dcf8b968b2df
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application