General
-
Target
2171bac5512cef55ce1ffcf96bf1395d9a826f29bcff90a6c4cfe794d615575a
-
Size
252KB
-
Sample
201108-nzjzepz2en
-
MD5
a0303b31a98b225c23583db05b31bb78
-
SHA1
1d2843958d2fb7873763be62df48a4ad9d281e0a
-
SHA256
2171bac5512cef55ce1ffcf96bf1395d9a826f29bcff90a6c4cfe794d615575a
-
SHA512
b0ea5c2f2b67412951a825a56e36cf4e749843bfbae4f86588cc3a49203886c399d2a040a83db74ccf79b13fbbc3ccd398b916ef1bee2ae75ca5bfade152729b
Static task
static1
Behavioral task
behavioral1
Sample
2171bac5512cef55ce1ffcf96bf1395d9a826f29bcff90a6c4cfe794d615575a.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ximer2020.ddns.net:1604
DC_MUTEX-4U0HFC0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
aDFqoxfKfrcR
-
install
true
-
offline_keylogger
true
-
password
82121020202222
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
2171bac5512cef55ce1ffcf96bf1395d9a826f29bcff90a6c4cfe794d615575a
-
Size
252KB
-
MD5
a0303b31a98b225c23583db05b31bb78
-
SHA1
1d2843958d2fb7873763be62df48a4ad9d281e0a
-
SHA256
2171bac5512cef55ce1ffcf96bf1395d9a826f29bcff90a6c4cfe794d615575a
-
SHA512
b0ea5c2f2b67412951a825a56e36cf4e749843bfbae4f86588cc3a49203886c399d2a040a83db74ccf79b13fbbc3ccd398b916ef1bee2ae75ca5bfade152729b
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-