General
-
Target
9d1352ff3831f02eb5d2256eceabf9e909224b93e94b81cc65232e9612e76e22
-
Size
407KB
-
Sample
221019-115rzsaeh7
-
MD5
9103158e969dbdf5ca2412290234eb50
-
SHA1
716c8920b5e3b3078f523d46a1dfe30aebf65a82
-
SHA256
9d1352ff3831f02eb5d2256eceabf9e909224b93e94b81cc65232e9612e76e22
-
SHA512
24f3e908af8454b3592309c0ee46001bab2e9223733c3c6b31ac24e749c5c2c4bd4eb857d5d529a329f3f2d24fe03dfa87cf5cc3e43523e989a4d892c645c3c2
-
SSDEEP
12288:wUABeRfJOWhb/JedZQUOjfjyB8ewNtkMqJIFB:CBeRfsYJiZujjGfQtkMqu
Static task
static1
Behavioral task
behavioral1
Sample
9d1352ff3831f02eb5d2256eceabf9e909224b93e94b81cc65232e9612e76e22.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
alex234.no-ip.biz:1604
DC_MUTEX-SC6F7JV
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
w7irGWwDJFDY
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-