General
- Target: 579d9d9ae7f49e2a0cd43e61d65f89b2ebe2026097c2c4d378d569d10867ded5
- Size: 480KB
- Sample: 221014-l2tzjsadd5
- MD5: 6d2ef4155874c6331e50b3c7f2b39110
- SHA1: 3508f3309f24d1f42f0b112972040245e36c02cc
- SHA256: 579d9d9ae7f49e2a0cd43e61d65f89b2ebe2026097c2c4d378d569d10867ded5
- SHA512: 7340a3d319e79a5659cd3aeae5069926fb10cfc071bd73a7010509a918e1d18c590b1a1d8da197198d0295e2fa76dea66e6e4ad5767d423388cbd0d52c133c56
- SSDEEP: 12288:CRFj6MvPNFJv6NSd4NxcxzqX+Wub1WTxcpfAt1SZILqa5x:NMNFpRdocxzqX61V/wqOx
Static task
- static1
Behavioral task
- behavioral1 (Sample: 579d9d9ae7f49e2a0cd43e61d65f89b2ebe2026097c2c4d378d569d10867ded5.exe; Resource: win7-20220901-en)
Behavioral task
- behavioral2 (Sample: 579d9d9ae7f49e2a0cd43e61d65f89b2ebe2026097c2c4d378d569d10867ded5.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted
- Family: darkcomet
- Gæst-1
- C2: spicial-k.no-ip.biz:1604
- Mutex: DC_MUTEX-MEGHSPW
- InstallPath: MSDCSC\msdcsc.exe
- gencode: tWYZrC7zPWjY
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modifies WinLogon for persistence
- ModiLoader Second Stage
- Molebox Virtualization software: Detects file using Molebox Virtualization software.
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext