General
Target: e6d7ca18087a13b366c3a044bf54d642a0a46ff77dd19114db8bf7990c0bd24e
Size: 1.0MB
Sample: 221130-ykgzwada8t
MD5: daf490df6a5fcb1ac47bdc6d5f235f70
SHA1: d8449c14407703a7194089f567173e6827fd3f69
SHA256: e6d7ca18087a13b366c3a044bf54d642a0a46ff77dd19114db8bf7990c0bd24e
SHA512: 18e100806fe229acee93e200e6c10fb6fb07ec9b8323a9e7753fca59eaf4e5f97b017a28c956339b98b3fe0ce25e10a2f962d5cdcbc05231e45983f184bb6fe5
SSDEEP: 24576:QqtjXbJKN77OhLQ8Qxc8PrzeXb9qa39IS3wx9G9UG+v:XxX4N7YbpErzObH39Iau9G9UR
Static task: static1
Behavioral task: behavioral1
  Sample: e6d7ca18087a13b366c3a044bf54d642a0a46ff77dd19114db8bf7990c0bd24e.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: e6d7ca18087a13b366c3a044bf54d642a0a46ff77dd19114db8bf7990c0bd24e.exe
  Resource: win10v2004-20220812-en
Malware Config (extracted)
Family: darkcomet
Botnet: YoDc
C2: robttt.zapto.org:912
Mutex: DC_MUTEX-BP5TXBD
InstallPath: MSDCSC\msdcsc.exe
gencode: 3W7x0fxttgsw
install: true
offline_keylogger: true
persistence: true
reg_key: rundll32
Targets
Target: e6d7ca18087a13b366c3a044bf54d642a0a46ff77dd19114db8bf7990c0bd24e
Size: 1.0MB
MD5: daf490df6a5fcb1ac47bdc6d5f235f70
SHA1: d8449c14407703a7194089f567173e6827fd3f69
SHA256: e6d7ca18087a13b366c3a044bf54d642a0a46ff77dd19114db8bf7990c0bd24e
SHA512: 18e100806fe229acee93e200e6c10fb6fb07ec9b8323a9e7753fca59eaf4e5f97b017a28c956339b98b3fe0ce25e10a2f962d5cdcbc05231e45983f184bb6fe5
SSDEEP: 24576:QqtjXbJKN77OhLQ8Qxc8PrzeXb9qa39IS3wx9G9UG+v:XxX4N7YbpErzObH39Iau9G9UR
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext