General
- Target: 9d2c41062b7f7c4f9a57bdb5e6f9f968282655bcd5558155d291d39f48159201
- Size: 408KB
- Sample: 221123-sx43aace47
- MD5: c171355f55121ff719f5154f26a62a99
- SHA1: 804d0e75559bd804c199dfa87f5e2c76dfa552a5
- SHA256: 9d2c41062b7f7c4f9a57bdb5e6f9f968282655bcd5558155d291d39f48159201
- SHA512: c23081efe058d881480d9f729993c9d40f538bf724b8edcfbc7f7b7abb7595b9fc0b27fbeb413bf340e56320ea08b5e3c0c94a858af3a64658289da41b08cc8f
- SSDEEP: 12288:kFj5x0oVQYQMhYfDiji+D17iOeklNv/VnhGqa:Aj3Kcji+DZreklNvthJ
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 9d2c41062b7f7c4f9a57bdb5e6f9f968282655bcd5558155d291d39f48159201.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: 9d2c41062b7f7c4f9a57bdb5e6f9f968282655bcd5558155d291d39f48159201.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- darkcomet
- Test-Sucessful
- spitzfire.no-ip.org:25565
- DC_MUTEX-NYVYCRM
- InstallPath: MSDCSC\System32Updater.exe
- gencode: fGhl1lsjQLhX
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: System32Updaterdll
Targets
- Target: 9d2c41062b7f7c4f9a57bdb5e6f9f968282655bcd5558155d291d39f48159201
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext