General

Target: 075448d611663baa510daefcb583469a
Size: 548KB
Sample: 231225-fynqgadfep
MD5: 075448d611663baa510daefcb583469a
SHA1: c523655c92dbcc28b1a1fb2dd1f95e4333597f49
SHA256: 6d0ce472e07e0bcedad9f932e82512e2f4dd3db90afa0b7004d736b4b7fe7672
SHA512: 4caf88720b3d2306e2e006ca9bbc12373d9b088c09218c642feaf142023265fa9bbf0b057e86225adb8799b35d3070d9560709b198c4fea182b6047d161435ec
SSDEEP: 12288:HC8+l4wxUipjq5+Mou292BPMusotX6rwzW6XVFJ04qp4OsYOhg59AoWmO:Kq292BPTf0npPv4mO
Static task: static1

Behavioral task: behavioral1
  Sample: 075448d611663baa510daefcb583469a.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 075448d611663baa510daefcb583469a.exe
  Resource: win10v2004-20231215-en
Malware Config

Extracted: darkcomet
Slave
darkcometramon.zapto.org:1604
DC_MUTEX-WACNQ32
InstallPath: MSDCSC\Update.exe
gencode: 1Zo5tGcdvz3w
install: true
offline_keylogger: true
persistence: false
reg_key: WindowsUpdater
Targets

Target: 075448d611663baa510daefcb583469a
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext