General
Target: 196823449602346358b5f114c451a745a50238c1932d5e78a9d143294cb21114
Size: 1.3MB
Sample: 221125-wtd88sea24
MD5: e9b43d240d7cfe184feee485a5582d12
SHA1: ca7e417cb7ea419c46bf5806c0aaf7150c539990
SHA256: 196823449602346358b5f114c451a745a50238c1932d5e78a9d143294cb21114
SHA512: 5cc6ac4a14ed6e6db637509a9cd340fe6d75836b4083179b1a50facdb987b9e52365199576a76b0c9a81870822f1367ea59a227c435c51c27139e53b706ca817
SSDEEP: 24576:mhEVaPqLTrLMVGAJe2JEB8XA+Bnv+sYmv1z6D1lcmxnAMYhl8h:UEVUc/AJe2JsvGvTzKlcmGMmlu
Behavioral task: behavioral1
Sample: 196823449602346358b5f114c451a745a50238c1932d5e78a9d143294cb21114.exe
Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
CHurka
85.93.52.232:1604
DC_MUTEX-XUETUYT
InstallPath: MSDCSC\msdcsc.exe
gencode: lw18MRhbwShC
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 196823449602346358b5f114c451a745a50238c1932d5e78a9d143294cb21114
Size: 1.3MB
- Detect Neshta payload
- Modifies WinLogon for persistence
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family infects other executable files in order to spread and cause damage.
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext