General
Target: 5943effc5341ed40e50e71b719d370031f4938d68f806204564ee4c71f2a68d0
Size: 3.5MB
Sample: 201106-w6a845aftj
MD5: 1d1d1d3bbd32a651a4d3a5f7921d85f2
SHA1: cabc5f91a11bda3a0b25b477093d7e7204b0c056
SHA256: 5943effc5341ed40e50e71b719d370031f4938d68f806204564ee4c71f2a68d0
SHA512: 40c4f55e07e6a8df507408fdd7443883fecd767d77ea57a0475e517050bcb2a31ba961d207b67d38ff64b673ff949822f734a8a3bfc1cfa13197769ad92a959a
Static task: static1
Behavioral task: behavioral1
Sample: 5943effc5341ed40e50e71b719d370031f4938d68f806204564ee4c71f2a68d0.exe
Resource: win7v20201028
Malware Config
Extracted: darkcomet
Guest16
console-wifi.ddns.net:1604
DC_MUTEX-8VGGSVK
InstallPath: MSDCSC\msdcsc.exe
gencode: ifCVVYKKmA7g
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 5943effc5341ed40e50e71b719d370031f4938d68f806204564ee4c71f2a68d0
Size: 3.5MB
MD5: 1d1d1d3bbd32a651a4d3a5f7921d85f2
SHA1: cabc5f91a11bda3a0b25b477093d7e7204b0c056
SHA256: 5943effc5341ed40e50e71b719d370031f4938d68f806204564ee4c71f2a68d0
SHA512: 40c4f55e07e6a8df507408fdd7443883fecd767d77ea57a0475e517050bcb2a31ba961d207b67d38ff64b673ff949822f734a8a3bfc1cfa13197769ad92a959a
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext