General
- Target: 46e316656467773c8c7044d69005ff9abac681d72608bcad5aa494e747b63c3f
- Size: 251KB
- Sample: 201108-zjkcw31xzj
- MD5: fede7a68bdb1f79b5f09c590b1226e34
- SHA1: 48037cae2e1fbd08b80f39e43c8209acaf3e4dd6
- SHA256: 46e316656467773c8c7044d69005ff9abac681d72608bcad5aa494e747b63c3f
- SHA512: 4926d0eb30428c18e09553a3a66a677bb746c635c3bbe024a14270a6bf4da089c4564d449856d15e3ba4bd515fbe1daedbc3af631b064feafe2a333d12b821ff
Static task: static1
Behavioral task: behavioral1
- Sample: 46e316656467773c8c7044d69005ff9abac681d72608bcad5aa494e747b63c3f.exe
- Resource: win7v20201028
Malware Config
Extracted
- darkcomet
- Sazan
- 127.0.0.1:1604
- DC_MUTEX-FG9B2GA
- InstallPath: MSDCSC\msdcsc.exe
- gencode: j5zPqt9UKPk3
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 46e316656467773c8c7044d69005ff9abac681d72608bcad5aa494e747b63c3f
- Size: 251KB
- MD5: fede7a68bdb1f79b5f09c590b1226e34
- SHA1: 48037cae2e1fbd08b80f39e43c8209acaf3e4dd6
- SHA256: 46e316656467773c8c7044d69005ff9abac681d72608bcad5aa494e747b63c3f
- SHA512: 4926d0eb30428c18e09553a3a66a677bb746c635c3bbe024a14270a6bf4da089c4564d449856d15e3ba4bd515fbe1daedbc3af631b064feafe2a333d12b821ff
Signatures
- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext