General
Target: b79e1b1c27f4d27629213c9cd6b348507e201a175f9e88b631a8fd51323311b4
Size: 474KB
Sample: 221203-hg2xwach36
MD5: 10d8db9c89b6b8d766a899da925517ae
SHA1: a7749810330ac5e76896eabe72fafa1b28924913
SHA256: b79e1b1c27f4d27629213c9cd6b348507e201a175f9e88b631a8fd51323311b4
SHA512: 763badf29a6554542aa8974e609a8d09e21a3ee535e5156977c06616071a70b1b1f2d4d3aa47ebf0713dbb847b56764b831495e9b148d02493651dd5977a6c26
SSDEEP: 12288:C2LVSjLqDJZMQzzdrikNOQsLr3dP7/JkHlpAuuVP427tDGTz:FLg29+QFriPQsLDhrJ2A5Vw27tqTz
Static task: static1
Behavioral task: behavioral1
Sample: b79e1b1c27f4d27629213c9cd6b348507e201a175f9e88b631a8fd51323311b4.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
Guest16
hellobhaiji.no-ip.org:1604
DC_MUTEX-SE6LJZ8
InstallPath: MSDCSC\msdcsc.exe
gencode: mlhnz99gxBf3
install: true
offline_keylogger: true
password: 123456789
persistence: true
reg_key: MicroUpdate
Targets
Target: b79e1b1c27f4d27629213c9cd6b348507e201a175f9e88b631a8fd51323311b4
Size: 474KB
MD5: 10d8db9c89b6b8d766a899da925517ae
SHA1: a7749810330ac5e76896eabe72fafa1b28924913
SHA256: b79e1b1c27f4d27629213c9cd6b348507e201a175f9e88b631a8fd51323311b4
SHA512: 763badf29a6554542aa8974e609a8d09e21a3ee535e5156977c06616071a70b1b1f2d4d3aa47ebf0713dbb847b56764b831495e9b148d02493651dd5977a6c26
SSDEEP: 12288:C2LVSjLqDJZMQzzdrikNOQsLr3dP7/JkHlpAuuVP427tDGTz:FLg29+QFriPQsLDhrJ2A5Vw27tqTz
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext