General
-
Target
c2eec1701284699343ae2acb7a659b19f9275ab1742d7f5da526a5ef37f15c2e
-
Size
1.7MB
-
Sample
221129-nskevseg53
-
MD5
49d1338dd124baf0102b62040d11fbad
-
SHA1
e06d262b039ddbc61e89787b28224aa2bf64770b
-
SHA256
c2eec1701284699343ae2acb7a659b19f9275ab1742d7f5da526a5ef37f15c2e
-
SHA512
4bd2740e630f013d53c63f13eb34083d4892c73aa78e72d36bd0273ba8134a6eebc8b9949aaa03685f199177053254b4271a2a0be662db1b5dd43259b5e19440
-
SSDEEP
24576:Ooad3G11e7FXE61jqAdc9DH/73df8XoxZlYscJsLn1D4L4oSnJRB:OoaRlXE6GtU4hYse+n1kcr
Static task
static1
Behavioral task
behavioral1
Sample
c2eec1701284699343ae2acb7a659b19f9275ab1742d7f5da526a5ef37f15c2e.exe
Resource
win7-20220901-en
Malware Config
Extracted
darkcomet
Main
leinuo2rat.no-ip.biz:1604
DC_MUTEX-ZPESHXD
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
KlPD5oRnmTw4
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Updata
Targets
-
-
Target
c2eec1701284699343ae2acb7a659b19f9275ab1742d7f5da526a5ef37f15c2e
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-