General
Target: f77ec75d9c444361b57f286bd40726bedeb8106ab18c02ff6a59ef2e3f4e5f24
Size: 887KB
Sample: 221003-cqvbhadefp
MD5: 6e91f9d1c4b9fcf81c4a30e99358fde0
SHA1: 4eeaf371809f8078e7ed0dc18e196e72c505f871
SHA256: f77ec75d9c444361b57f286bd40726bedeb8106ab18c02ff6a59ef2e3f4e5f24
SHA512: b462cd0cd1d42a7081f254a118f75b58fab8750fd2348155eb04ba932274715899615bf05f8e0e923bb9abe02041ee582158c1e77e8c2df8d9efbd25fc00c3fe
SSDEEP: 12288:HWzsaCUc+TcN09kaTUfucrmdztxZcSHg0yJnsumdjANlKk1F:2zs1wmaTU4dRxvgTJsjViB
Static task: static1
Behavioral task: behavioral1
  Sample: f77ec75d9c444361b57f286bd40726bedeb8106ab18c02ff6a59ef2e3f4e5f24.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f77ec75d9c444361b57f286bd40726bedeb8106ab18c02ff6a59ef2e3f4e5f24.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
  Guest16
  hackdarkcomet.ddns.net:1604
  DC_MUTEX-BRR8PJY
InstallPath: MSDCSC\msdcsc.exe
gencode: PglT1bwfgHY5
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext