General
Target: 4986848f6207538a84edd2a743bf5516b4f0f1c590c921a8cb41f3a02e4a5175
Size: 1.1MB
Sample: 221126-cj6qysha7t
MD5: c9c5d851a63a1453821c448809b9d979
SHA1: 7f7d95e0d21b1fc3e892c54197ab03938c36828b
SHA256: 4986848f6207538a84edd2a743bf5516b4f0f1c590c921a8cb41f3a02e4a5175
SHA512: 23808e72d542e9b534377c0979b10fec87d483c2ef21f721bc736e9720e801c6a6b56c64a1704bb084a8df6e78ecf70f6ce631fad4a39940bfc2f4ffb6ae35ce
SSDEEP: 24576:2y7DFR9KwHS+MASroQTph+G8u0ORwMTRGTIwX4cxgFWYS0k:Q0ORBN9mgdSF
Static task: static1
Behavioral task: behavioral1
  Sample: 4986848f6207538a84edd2a743bf5516b4f0f1c590c921a8cb41f3a02e4a5175.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 4986848f6207538a84edd2a743bf5516b4f0f1c590c921a8cb41f3a02e4a5175.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: darkcomet
Botnet: update
C2: oliv33r.ddns.net:9033
Mutex: DC_MUTEX-D8Z54GK
InstallPath: MSDCSC\msdcsc.exe
gencode: Ht63gFPXLsUs
install: true
offline_keylogger: true
password: 9123
persistence: true
reg_key: MicroUpdate
Targets
Target: 4986848f6207538a84edd2a743bf5516b4f0f1c590c921a8cb41f3a02e4a5175 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
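The extracted config and the signature list translate directly into host-side checks an incident responder can run against collected telemetry. The Python below is an added example, not part of this report or of any sandbox's tooling. It takes the C2, mutex, InstallPath and reg_key values verbatim from the Extracted section; the registry locations it inspects (the HKCU/HKLM Run key for the "MicroUpdate" value, the Winlogon "Userinit" value for the WinLogon persistence, and Policies\System "DisableTaskMgr" for the Task Manager signature) are assumptions based on how DarkComet is generally observed to behave, since the report names only the signatures and not the exact keys. The .reg export, mutex listing and connection list are constructed sample telemetry.

```python
"""Host IOC sweep built from the DarkComet config extracted in the report above."""
import re

# Values copied verbatim from the "Malware Config / Extracted" section.
CONFIG = {
    "c2": "oliv33r.ddns.net:9033",
    "mutex": "DC_MUTEX-D8Z54GK",
    "install_path": r"MSDCSC\msdcsc.exe",
    "run_value_name": "MicroUpdate",
}

# ASSUMPTION: these key paths (lower-cased, hive-independent suffixes) are where
# DarkComet is commonly seen to write; the report only lists the signatures.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"

# Matches a .reg value line: "Name"=dword:XXXXXXXX  or  "Name"="string"
_VALUE_RE = re.compile(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def scan_registry_export(reg_text):
    """Walk a .reg export and return (signature, evidence) pairs matching the
    persistence and anti-analysis behaviour listed under Signatures."""
    findings = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # new key section
            continue
        m = _VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, dword, string = m.groups()
        value = (string or "").replace("\\\\", "\\")   # undo .reg backslash escaping
        if key.endswith(RUN_KEY) and name == CONFIG["run_value_name"]:
            findings.append(("Adds Run key to start application", value))
        if (key.endswith(WINLOGON_KEY) and name.lower() == "userinit"
                and CONFIG["install_path"].lower() in value.lower()):
            findings.append(("Modifies WinLogon for persistence", value))
        if (key.endswith(POLICY_KEY) and name.lower() == "disabletaskmgr"
                and dword is not None and int(dword, 16) == 1):
            findings.append(("Disables Task Manager via registry modification", name))
    return findings


def mutex_present(mutex_names):
    """True when the configured mutex appears in a handle listing; any
    object-manager path prefix (BaseNamedObjects etc.) is ignored."""
    return any(n.rsplit("\\", 1)[-1] == CONFIG["mutex"] for n in mutex_names)


def c2_contacted(connections):
    """True when any (host, port) pair equals the extracted C2 endpoint."""
    host, port = CONFIG["c2"].rsplit(":", 1)
    return any(h.lower() == host and int(p) == int(port) for h, p in connections)


# Constructed sample telemetry (not from the report) showing what a hit looks like.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroUpdate"="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''
SAMPLE_MUTEXES = [
    "\\Sessions\\1\\BaseNamedObjects\\DC_MUTEX-D8Z54GK",
    "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCounterMutex",
]
SAMPLE_CONNECTIONS = [("oliv33r.ddns.net", 9033), ("update.microsoft.com", 443)]


def sweep(reg_text=SAMPLE_REG, mutexes=SAMPLE_MUTEXES, connections=SAMPLE_CONNECTIONS):
    """Combine the three checks into one verdict dictionary."""
    return {
        "registry": scan_registry_export(reg_text),
        "mutex": mutex_present(mutexes),
        "c2": c2_contacted(connections),
    }


if __name__ == "__main__":
    result = sweep()
    for sig, evidence in result["registry"]:
        print(f"[+] {sig}: {evidence}")
    print(f"[+] mutex present: {result['mutex']}, C2 contacted: {result['c2']}")
```

Run it against a real `reg export` of the user and machine hives, a handle listing from a live-response tool, and a netstat or flow export to get the same verdict on a suspect host; the DNS name in the C2 field means flow data should be matched on the resolved name, not only on the IP seen at collection time.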