General
Target: bc7f0ec83577f07d0e4238401dc0e4f09d1d23bc45b05dd6cf59e60a9e51db59
Size: 452KB
Sample: 221123-sxzskace42
MD5: 2e3ab1bbf15e53f6b7157c2d75808562
SHA1: 2830a10c16acfb19d06ee71c366f699068507e36
SHA256: bc7f0ec83577f07d0e4238401dc0e4f09d1d23bc45b05dd6cf59e60a9e51db59
SHA512: ac0c57ef76ce7d06a78f71f1a81335fc110265b7c3f99b1e0ceed332045044fa6442dc02b90c7b248f0381b8628ce0b3956c2a0051f3f6d87e15a93c88f24665
SSDEEP: 12288:8mPNiMwOB3vWON7iPsPNIP4Xvfr/6kQCsfbin:8iNizOB/ECK4XvfD+Csbin
Static task: static1
Behavioral task: behavioral1
Sample: bc7f0ec83577f07d0e4238401dc0e4f09d1d23bc45b05dd6cf59e60a9e51db59.exe
Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
Victim: jrusse.no-ip.org:5050
DC_MUTEX-SANCFCW
InstallPath: MSDCSC\msdcsc.exe
gencode: Xl6PgidaJaTh
install: true
offline_keylogger: true
persistence: true
reg_key: rundll32
Targets
Target: bc7f0ec83577f07d0e4238401dc0e4f09d1d23bc45b05dd6cf59e60a9e51db59
Size: 452KB
MD5: 2e3ab1bbf15e53f6b7157c2d75808562
SHA1: 2830a10c16acfb19d06ee71c366f699068507e36
SHA256: bc7f0ec83577f07d0e4238401dc0e4f09d1d23bc45b05dd6cf59e60a9e51db59
SHA512: ac0c57ef76ce7d06a78f71f1a81335fc110265b7c3f99b1e0ceed332045044fa6442dc02b90c7b248f0381b8628ce0b3956c2a0051f3f6d87e15a93c88f24665
SSDEEP: 12288:8mPNiMwOB3vWON7iPsPNIP4Xvfr/6kQCsfbin:8iNizOB/ECK4XvfD+Csbin

- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext