General
Target: 2fb57730888928c519502ebd41cf6ea6397ddbf156e2e997046b6103666f9cab
Size: 747KB
Sample: 221012-vasrvacbcl
MD5: 60ff825e3ff5052c835683f1fb29c120
SHA1: a9cfe3bf2cec17f9418796472f7df10c8e185bd9
SHA256: 2fb57730888928c519502ebd41cf6ea6397ddbf156e2e997046b6103666f9cab
SHA512: 0aa723755a46c73991222a6c30d566f2cbf5b803846741b8c03e638af77c9af62e08a000e6421ba2b48f97d2d66cee02cee6fa762d75b28e140f7ba3f2d18d3c
SSDEEP: 12288:AWK7oOJcwYaz1scSsuvKfKdEJuw/p4ot36uddMVL88Dp76c:6Fttz1sZspidZw/6wmV16
Static task: static1
Behavioral task: behavioral1
Sample: 2fb57730888928c519502ebd41cf6ea6397ddbf156e2e997046b6103666f9cab.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2fb57730888928c519502ebd41cf6ea6397ddbf156e2e997046b6103666f9cab.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
darkcomet
slaves
droplul.no-ip.biz:1604
DC_MUTEX-0CW3JAL
InstallPath: MSDCSC\msdcsc.exe
gencode: zV0CJmM1DVd0
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 2fb57730888928c519502ebd41cf6ea6397ddbf156e2e997046b6103666f9cab
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext