General
Target: cb5d869480fadf9ac88734a531f24ae3
Size: 384KB
Sample: 201026-ch9jw79116
MD5: cb5d869480fadf9ac88734a531f24ae3
SHA1: 04a2cea38e15c21d3dc143e0f7d17ffc0432a748
SHA256: 8792d522649c672f68fcd7ae8df6a55a7171daf2be2370d3e1c6966153cf2d7c
SHA512: fe8515c4b734561984c274b5c40daca558a0cb7ea815304a31c1567807dc04506a0de66ca141696ca7f1cff881fabbc4ecea72982106975b4c1baa7b5ada1463

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: cb5d869480fadf9ac88734a531f24ae3.exe
Resource: win7

Malware Config
Extracted: darkcomet
Guest16
jgcgame.ddns.net:1604
jgcgame.ddns.net:8080
DC_MUTEX-YKH6571
InstallPath: MSDCSC\msdcsc.exe
gencode: uRgFclvSN3Xu
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

Targets
Target: cb5d869480fadf9ac88734a531f24ae3
Size: 384KB
MD5: cb5d869480fadf9ac88734a531f24ae3
SHA1: 04a2cea38e15c21d3dc143e0f7d17ffc0432a748
SHA256: 8792d522649c672f68fcd7ae8df6a55a7171daf2be2370d3e1c6966153cf2d7c
SHA512: fe8515c4b734561984c274b5c40daca558a0cb7ea815304a31c1567807dc04506a0de66ca141696ca7f1cff881fabbc4ecea72982106975b4c1baa7b5ada1463

Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext