General

Target: ca73c1e272f0634901c4bd5f0ff8942f44739eca23b653d02bae3dd87819b162
Size: 2.2MB
Sample: 221203-flyd5sfg22
MD5: 2143e3f661a12e987a590a19c62e80e5
SHA1: 178ac441bec96294ed7afcb6c11f6ba3e3143a75
SHA256: ca73c1e272f0634901c4bd5f0ff8942f44739eca23b653d02bae3dd87819b162
SHA512: b029cf8f8c146f4f4a29cb0204f60e659a200b4589cde0842fd4b456e364ea4bc6e4c555e74c92341fdb52f9529bfb54858f6104ede4796373d5883e5e1a8fb7
SSDEEP: 49152:MHNRaJsiPfkOal/74cs4CAkVAh3KLHeNjEWuRxaa995XzIGbn:MmJsmCNvYf+NjER0a95XzLn
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: ca73c1e272f0634901c4bd5f0ff8942f44739eca23b653d02bae3dd87819b162.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: ca73c1e272f0634901c4bd5f0ff8942f44739eca23b653d02bae3dd87819b162.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted family: darkcomet
Campaign ID: HF
C2: darthquigon.no-ip.org:1604
Mutex: DC_MUTEX-4R4M43Q
InstallPath: MSDCSC\msdcsc.exe
gencode: gNEQEuffZJHa
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: ca73c1e272f0634901c4bd5f0ff8942f44739eca23b653d02bae3dd87819b162
Size: 2.2MB
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application