General
-
Target
eac97654d08020adbfe753a3b202202b5c62589e34f2097cd71a8a8d8b14bda7
-
Size
825KB
-
Sample
221030-nx2vpsadan
-
MD5
5a6b430cc8ebd6b4ea8aab5833a1cbdf
-
SHA1
99c87aecf5a7b5658fd1352dc97ad148a2545f2c
-
SHA256
eac97654d08020adbfe753a3b202202b5c62589e34f2097cd71a8a8d8b14bda7
-
SHA512
9ac2a08bf0983c570cc143b2b4f7f5db36c092a1159979063d3d9719eae3913c1b765eab242823008951f56cb4bc69edef2b46be894f3d35310ff6565ca58922
-
SSDEEP
24576:74nInLWoUHdj79beliFLfqd0c4ifqPHdvj5yL5j:MILWtHXFDvhHHdrkp
Static task
static1
Behavioral task
behavioral1
Sample
eac97654d08020adbfe753a3b202202b5c62589e34f2097cd71a8a8d8b14bda7.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
2
127.0.0.1:1604
DC_MUTEX-HPTFP88
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
A4rqb41NhVrE
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
eac97654d08020adbfe753a3b202202b5c62589e34f2097cd71a8a8d8b14bda7
-
Size
825KB
-
MD5
5a6b430cc8ebd6b4ea8aab5833a1cbdf
-
SHA1
99c87aecf5a7b5658fd1352dc97ad148a2545f2c
-
SHA256
eac97654d08020adbfe753a3b202202b5c62589e34f2097cd71a8a8d8b14bda7
-
SHA512
9ac2a08bf0983c570cc143b2b4f7f5db36c092a1159979063d3d9719eae3913c1b765eab242823008951f56cb4bc69edef2b46be894f3d35310ff6565ca58922
-
SSDEEP
24576:74nInLWoUHdj79beliFLfqd0c4ifqPHdvj5yL5j:MILWtHXFDvhHHdrkp
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-