General
Target: 1aed63212325b876388be2e4059400bf6e80657bba88015a5a070d04015e89d4
Size: 973KB
Sample: 221125-eymmqsba98
MD5: f63aa46af12396a50d1f68bd969ff95b
SHA1: ce3eb67131da0fa698b6ea24a65a1f74171e1c2d
SHA256: 1aed63212325b876388be2e4059400bf6e80657bba88015a5a070d04015e89d4
SHA512: abacac0172d020313fa65738dc84115c82a899fc5195841b90ba88bf7b3f095705a9ab4e535e1d5f459543ca14862288e2dd07295534552297cef20650c690d1
SSDEEP: 24576:whotUmVLuqJaveCsAb4vpJrEZFu+qheOlzgZAM1XdbryV:iotdPXCQvpJrEfY32AM1XdU
Static task: static1
Behavioral task: behavioral1
Sample: Photos Of Complete Order.scr
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Photos Of Complete Order.scr
Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
azuka
azuka419.ddns.net:10001
DC_MUTEX-24QP7RP
InstallPath: MSDCSC\msdcsc.exe
gencode: HPdfeX0hFstf
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: Photos Of Complete Order.scr
Size: 1.3MB
MD5: 5c81162aa56ef2d826fb9568067b1ba3
SHA1: 52a1dfb2f44c721b5e788df50b255759c7d3b72e
SHA256: 96f5c3b4b81378a06491ff6ee82ab71af01e85a8bea12bef2d49a1d083262198
SHA512: 7dc2660161712176d9de1fb2b6f0cf92d031ff85f1ebf805652d2389e57c96541e55eae18cb477ebf07fa0545df9825ceabc97b07180c5e3d1bfac491c5e6b2b
SSDEEP: 24576:GfZc4o2V3KorcRP87KdMYWtahGjjd/isDIPW:Gf+4o2YorU8umYYaUjjd/nDIPW
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext