General
- Target: 871946516302217e7bc990c5234765334d388721965bae023f04f69d35379358
- Size: 974KB
- Sample: 221202-r2kzjabf6v
- MD5: 64807c0971387756a28c9c56f8de150c
- SHA1: ac9342a02234b970cb267c7919349c7df60078dd
- SHA256: 871946516302217e7bc990c5234765334d388721965bae023f04f69d35379358
- SHA512: 112bbd8dd68c451f68941988aaedb6e0f46c6d4877d556ea5495fe5b971e6e64d840c261750972c648cd9b676fbf6cf5d3111324c86fb16304ec43f0026463c8
- SSDEEP: 24576:W2uMcP1vw98GZGhxSGPJ6GjZ60+MsoG1t:xu5CZGWG9Z6924
Behavioral task: behavioral1
- Sample: 871946516302217e7bc990c5234765334d388721965bae023f04f69d35379358.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 871946516302217e7bc990c5234765334d388721965bae023f04f69d35379358.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: darkcomet
- Campaign ID: AEGIS 1.5 NAUJAUSIAS!
- C2: ratlogai.no-ip.biz:1604
- Mutex: DC_MUTEX-5L6E76L
- InstallPath: MSDCSC\msdcsc.exe
- gencode: lX3DjNYTGGxW
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 871946516302217e7bc990c5234765334d388721965bae023f04f69d35379358
- Size: 974KB
- MD5: 64807c0971387756a28c9c56f8de150c
- SHA1: ac9342a02234b970cb267c7919349c7df60078dd
- SHA256: 871946516302217e7bc990c5234765334d388721965bae023f04f69d35379358
- SHA512: 112bbd8dd68c451f68941988aaedb6e0f46c6d4877d556ea5495fe5b971e6e64d840c261750972c648cd9b676fbf6cf5d3111324c86fb16304ec43f0026463c8
- SSDEEP: 24576:W2uMcP1vw98GZGhxSGPJ6GjZ60+MsoG1t:xu5CZGWG9Z6924
Signatures
- Detect Neshta payload
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Modifies system executable filetype association
- Neshta: malware from the Neshta family infects other executable files in order to spread and cause damage.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext