General
Target: 89f3bc10ad7748145c44f746066f152f6ccf05e3511c2bfa5873dddc00a03aa6
Size: 723KB
Sample: 221126-dff7kabc61
MD5: b25bd71e8613309be7244bfa481251a3
SHA1: c1a3de591c2fd1eb0e3e48ea605682e05944ff64
SHA256: 89f3bc10ad7748145c44f746066f152f6ccf05e3511c2bfa5873dddc00a03aa6
SHA512: 8b711da64fdfd0185fff31afb54bdce3b14c2fd8a6e282ee7a28728d69c899fb6bbf815ef10380cf85389fdf0e28bdf30633c0e05ac7a90d14694cf43ac3c118
SSDEEP: 12288:4a9qf8JfWTEa2uD/hCknCwpxKUHolNuPNcz6wNUKW4ZM+MJyXmEG:4awk6Ea2/kCSYYAN+czrUK3DG
Behavioral task: behavioral1
Sample: 89f3bc10ad7748145c44f746066f152f6ccf05e3511c2bfa5873dddc00a03aa6.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
  DOS
  85.93.52.232:1604
  DC_MUTEX-HJF80AB
  InstallPath: MSDCSC\msdcsc.exe
  gencode: lFGSk0NKV6by
  install: true
  offline_keylogger: true
  persistence: false
  reg_key: MicroUpdate
Targets
- Detect Neshta payload
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other files in order to spread itself and cause damage.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext