General
Target: 94083535c21ab05d2f041cf7b99da107adb38c8a871163305f4027ebf389c686
Size: 873KB
Sample: 221125-h9zm8aed5t
MD5: 30579e0d9d850264acc6019518fcd1a8
SHA1: 4b978cdfbe709286814040d65b757db967d3897a
SHA256: 94083535c21ab05d2f041cf7b99da107adb38c8a871163305f4027ebf389c686
SHA512: 44a3bdf0c26e727b96a88e9d35616a5b6efabdd228c590fed2107dbdac02cfc47b9722bae805cc3fef863913b0e18b34e02e3d6837cbd9ca9fd84aa08ed7eff3
SSDEEP: 12288:2GopSuXh1gducHobZ5TTXraU4RFH4nQFAvQsg1W98a/Xcg5P0wf7:2x7baPF6QFAvSW986j007
Static task: static1
Behavioral task: behavioral1
Sample: 94083535c21ab05d2f041cf7b99da107adb38c8a871163305f4027ebf389c686.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
kelvindrk.no-ip.biz:1008
DC_MUTEX-DXAW4U7
InstallPath: MSDCSC\msdcsc.exe
gencode: B7nmveDZ5jn1
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext