General
Target: 84e84811d0a8dea14b35158d7fb3dca60e14a1269112f86fa203cb52546a1ed6
Size: 777KB
Sample: 221203-etnn8sdc89
MD5: 9a0c73da5e5e1c38b9f0fe940c24fada
SHA1: ba3257981c02c0615217b433fecb9773d2e5cdf1
SHA256: 84e84811d0a8dea14b35158d7fb3dca60e14a1269112f86fa203cb52546a1ed6
SHA512: 93db12d4e1910f5697593a7abd7b027dc69a61eaa17854376132d2f2c38b6f85a8adbc6f11c7b365cbbc87a55f2a75ae14a99da21ef55c9c39fc14ca57cecde0
SSDEEP: 12288:YXOb+o1MQqCXOL9Qj9jPTUbO0CauCfQfkkqxbjMhVkdAKX/RQhsPS:2Tj99QjhPTUarUf4knxbjMhuX/CSK
Static task: static1

Behavioral task: behavioral1
  Sample: 84e84811d0a8dea14b35158d7fb3dca60e14a1269112f86fa203cb52546a1ed6.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: 84e84811d0a8dea14b35158d7fb3dca60e14a1269112f86fa203cb52546a1ed6.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16
C2: clarcer.no-ip.org:82
Mutex: DC_MUTEX-P6YHAT1
Attributes:
  InstallPath: MSDCSC\msdcsc.exe
  gencode: Xn5U4zagbStz
  install: true
  offline_keylogger: true
  persistence: true
  reg_key: rundll32
Targets
Target: 84e84811d0a8dea14b35158d7fb3dca60e14a1269112f86fa203cb52546a1ed6
Score: 10/10
Signatures:
  Modifies WinLogon for persistence
  Adds Run key to start application
  Suspicious use of SetThreadContext