General
Target: 57ebd0be0270a97b374ea1ec73f4f5cc7c8f8c2784ddb301ecaf7f155831bc9d
Size: 497KB
Sample: 221126-2lmhjaea7t
MD5: 3e064b1071ad430572a3f6cf93bded95
SHA1: d20ebd5022710f10d2cb34381eddf4c4fb6c1112
SHA256: 57ebd0be0270a97b374ea1ec73f4f5cc7c8f8c2784ddb301ecaf7f155831bc9d
SHA512: 05b408e8e35de2a2e73c0b0bc07a9c88ef548b9f3ed071f81460c75748825a0f776a8082f1e556d3cb27cd73bc1c98091abf3f2d7c8fcd3e0df90fdf2cd63b26
SSDEEP: 12288:RSrLA/nD6+NQzJFnC6PCgS3AFsFp7ZT/:RSrLQ60SXag8Akl
Static task: static1
Behavioral task: behavioral1
  Sample: 57ebd0be0270a97b374ea1ec73f4f5cc7c8f8c2784ddb301ecaf7f155831bc9d.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 57ebd0be0270a97b374ea1ec73f4f5cc7c8f8c2784ddb301ecaf7f155831bc9d.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted family: darkcomet
Botnet (campaign ID): newnet
C2: raymondong.no-ip.org:1604
Mutex: DC_MUTEX-USJ8V54
Attributes:
  InstallPath: MSDCSC\msdcsc.exe
  gencode: rcNQGPe0V03M
  install: true
  offline_keylogger: true
  persistence: false
  reg_key: MicroUpdate

Note: install: true together with reg_key: MicroUpdate and InstallPath: MSDCSC\msdcsc.exe is what produces the Run-key autostart reported in the behavioral signatures below; persistence: false is a separate builder option and does not mean the sample leaves no autostart entry behind.
Targets
Target: 57ebd0be0270a97b374ea1ec73f4f5cc7c8f8c2784ddb301ecaf7f155831bc9d
Size: 497KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

SetThreadContext called on a thread of another process is the usual marker of code injection / process hollowing; together with "Executes dropped EXE" and the Run-key and WinLogon modifications, this matches the install behaviour described by the extracted config (drop to InstallPath, register under reg_key).
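The extracted config and the behavioral signatures above translate directly into host checks. The script below is an added triage example and is not part of the sandbox report: it takes the C2, mutex, InstallPath and reg_key values from this page and scans a set of host artifacts for them, also flagging the generic WinLogon Userinit/Shell tampering the "Modifies WinLogon" signature describes. The host name, user name, benign registry values, mutex names and DNS log lines are constructed for the demo; the HKCU Run hive location and the generic `DC_MUTEX-` prefix check are assumptions that generalize from the reported values.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Values copied from the extracted DarkComet config in this report.
CONFIG = {
    "c2": "raymondong.no-ip.org:1604",
    "mutex": "DC_MUTEX-USJ8V54",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Assumption: the Run key is checked under HKCU (a per-user autostart).
RUN_KEY_PREFIX = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed host artifacts for the demo (not sandbox output). The benign
# entries are made up; the malicious ones mirror the report's
# "Adds Run key" and "Modifies WinLogon" signatures.
SAMPLE_RUN_VALUES = {
    "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "MicroUpdate": r"C:\Users\alice\Documents\MSDCSC\msdcsc.exe",
}
SAMPLE_WINLOGON = {
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\alice\Documents\MSDCSC\msdcsc.exe",
    "Shell": "explorer.exe",
}
SAMPLE_MUTEXES = ["Global\\MsiExecuteMutex", "DC_MUTEX-USJ8V54", "MSCTF.Shared.MUTEX.EAD"]
SAMPLE_DNS_LOG = [
    "2022-11-26T10:01:02Z alice-pc query A raymondong.no-ip.org",
    "2022-11-26T10:01:05Z alice-pc query A www.msftconnecttest.com",
]

Finding = Tuple[str, str]


def c2_host_port(c2: str) -> Tuple[str, int]:
    """Split a 'host:port' C2 string into a lower-cased host and an int port."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def _norm_path(p: str) -> str:
    """Lower-case, strip quotes and unify slashes so matching ignores case/separator."""
    return p.strip('"').replace("/", "\\").lower()


def _has_install_path(data: str, cfg: Dict[str, str]) -> bool:
    """True if a registry value or command line references the configured InstallPath."""
    needle = "\\" + _norm_path(cfg["install_path"])  # anchor on the directory separator
    return needle in _norm_path(data)


def check_run_keys(values: Dict[str, str], cfg: Dict[str, str]) -> List[Finding]:
    """Flag a Run value named reg_key, or any Run value pointing at InstallPath."""
    out: List[Finding] = []
    for name, data in values.items():
        if name.lower() == cfg["reg_key"].lower():
            out.append(("run_key_name", f"{RUN_KEY_PREFIX}\\{name} = {data}"))
        elif _has_install_path(data, cfg):
            out.append(("run_key_path", f"{RUN_KEY_PREFIX}\\{name} = {data}"))
    return out


def check_winlogon(values: Dict[str, str], cfg: Dict[str, str]) -> List[Finding]:
    """Flag Userinit entries beyond the stock userinit.exe and any Shell other than explorer.exe."""
    out: List[Finding] = []
    entries = [e for e in _norm_path(values.get("Userinit", "")).split(",") if e]
    for e in entries:
        if e != DEFAULT_USERINIT:
            tag = "winlogon_userinit_config_path" if _has_install_path(e, cfg) else "winlogon_userinit_extra"
            out.append((tag, e))
    shell = values.get("Shell", "explorer.exe")
    if _norm_path(shell) != "explorer.exe":
        out.append(("winlogon_shell", shell))
    return out


def check_mutexes(mutexes: Iterable[str], cfg: Dict[str, str]) -> List[Finding]:
    """Exact match on the reported mutex; the DC_MUTEX- prefix check is an assumed family heuristic."""
    out: List[Finding] = []
    for m in mutexes:
        if m == cfg["mutex"]:
            out.append(("mutex_exact", m))
        elif m.startswith("DC_MUTEX-"):
            out.append(("mutex_family_prefix", m))
    return out


def check_dns(lines: Iterable[str], cfg: Dict[str, str]) -> List[Finding]:
    """Flag log lines whose whitespace-separated tokens contain the C2 host name."""
    host, _ = c2_host_port(cfg["c2"])
    return [("dns_c2", line) for line in lines if host in re.split(r"\s+", line.lower())]


def hunt(run_values, winlogon, mutexes, dns_lines, cfg: Dict[str, str] = CONFIG) -> List[Finding]:
    """Run every check and return (tag, detail) findings in a fixed order."""
    return (check_run_keys(run_values, cfg) + check_winlogon(winlogon, cfg)
            + check_mutexes(mutexes, cfg) + check_dns(dns_lines, cfg))


if __name__ == "__main__":
    for tag, detail in hunt(SAMPLE_RUN_VALUES, SAMPLE_WINLOGON, SAMPLE_MUTEXES, SAMPLE_DNS_LOG):
        print(f"[{tag}] {detail}")
```

The C2 is a no-ip.org dynamic DNS name, so the resolved address can change between runs; the DNS check therefore matches on the host name rather than an IP. The InstallPath in the config is relative (the sandbox reports only `MSDCSC\msdcsc.exe`), which is why the path checks match on that suffix anchored at a directory separator instead of on a full path.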