General
-
Target
c97cf0d0a0a498ecfd3474d97cf5314f399dacea63701df422f1b0199ad28608
-
Size
252KB
-
Sample
201106-b4nb3r9496
-
MD5
9d1f92ac5af5eff6e517e587e1e8278b
-
SHA1
732ca21d250323be7b2ef24c3c335005e839b196
-
SHA256
c97cf0d0a0a498ecfd3474d97cf5314f399dacea63701df422f1b0199ad28608
-
SHA512
715a7cdb9f2270c447aae9df60be3a2ace48fa276da2ef09161b558b255434e74f5fb3c423b82813c1574bd37e2645ea1cea3375bb613c2b6c7064ed95478063
Static task
static1
Behavioral task
behavioral1
Sample
c97cf0d0a0a498ecfd3474d97cf5314f399dacea63701df422f1b0199ad28608.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ximer2020.ddns.net:1604
DC_MUTEX-4U0HFC0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
aDFqoxfKfrcR
-
install
true
-
offline_keylogger
true
-
password
82121020202222
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
c97cf0d0a0a498ecfd3474d97cf5314f399dacea63701df422f1b0199ad28608
-
Size
252KB
-
MD5
9d1f92ac5af5eff6e517e587e1e8278b
-
SHA1
732ca21d250323be7b2ef24c3c335005e839b196
-
SHA256
c97cf0d0a0a498ecfd3474d97cf5314f399dacea63701df422f1b0199ad28608
-
SHA512
715a7cdb9f2270c447aae9df60be3a2ace48fa276da2ef09161b558b255434e74f5fb3c423b82813c1574bd37e2645ea1cea3375bb613c2b6c7064ed95478063
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-