General
-
Target
f5fe87ddee0e06b3664dfe3ceab39b0fa75000f42cd332aa10e4cd05ff28b663
-
Size
1000KB
-
Sample
221123-l11qpsgb7z
-
MD5
99e18037d98721d5e0d35baecd49703d
-
SHA1
0454cbec544a1580f7e828fed85beadf31c35e42
-
SHA256
f5fe87ddee0e06b3664dfe3ceab39b0fa75000f42cd332aa10e4cd05ff28b663
-
SHA512
0fe5551991981e0235b8c6962f3ea10563ad8eb8e46c83360c402a3313f61890f22e9e25de0d681514ad186b05af1fea90337fbbd9b5f3580f05ae6cf10aaf71
-
SSDEEP
24576:aOXyYVWHpI+GXEtIj1OMh2GIk0E3PWhGcOkuvQTL:af7pI+1q3h1PWhGcOkS
Static task
static1
Behavioral task
behavioral1
Sample
f5fe87ddee0e06b3664dfe3ceab39b0fa75000f42cd332aa10e4cd05ff28b663.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f5fe87ddee0e06b3664dfe3ceab39b0fa75000f42cd332aa10e4cd05ff28b663.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
RuneScape AIO Toolkit 2012
121.221.226.5:1708
DC_MUTEX-5D4MFMH
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
xrFcsHGVyoGT
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
f5fe87ddee0e06b3664dfe3ceab39b0fa75000f42cd332aa10e4cd05ff28b663
-
Size
1000KB
-
MD5
99e18037d98721d5e0d35baecd49703d
-
SHA1
0454cbec544a1580f7e828fed85beadf31c35e42
-
SHA256
f5fe87ddee0e06b3664dfe3ceab39b0fa75000f42cd332aa10e4cd05ff28b663
-
SHA512
0fe5551991981e0235b8c6962f3ea10563ad8eb8e46c83360c402a3313f61890f22e9e25de0d681514ad186b05af1fea90337fbbd9b5f3580f05ae6cf10aaf71
-
SSDEEP
24576:aOXyYVWHpI+GXEtIj1OMh2GIk0E3PWhGcOkuvQTL:af7pI+1q3h1PWhGcOkS
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-