General
-
Target
030e0523148995ec2e91544642cacded035534ef6bf42c534336167fc96501f9
-
Size
252KB
-
Sample
201109-dqrzgf4ks6
-
MD5
81d1f0ba69f70c3b8eb6c00dea432dfe
-
SHA1
f2e23705a6a465e8e6c7f02f3b175e2e06e84719
-
SHA256
030e0523148995ec2e91544642cacded035534ef6bf42c534336167fc96501f9
-
SHA512
0fea7f04790a53638e2cc342f2d1713ba49363c31faa36bc5698f4f18be4b8d9f5006592b775d7c4bcf6f467f43fd005b80b5b6d5ad73aa3f0bfa344f0ad90ce
Static task
static1
Behavioral task
behavioral1
Sample
030e0523148995ec2e91544642cacded035534ef6bf42c534336167fc96501f9.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ximer2020.ddns.net:1604
DC_MUTEX-4U0HFC0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
aDFqoxfKfrcR
-
install
true
-
offline_keylogger
true
-
password
82121020202222
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
030e0523148995ec2e91544642cacded035534ef6bf42c534336167fc96501f9
-
Size
252KB
-
MD5
81d1f0ba69f70c3b8eb6c00dea432dfe
-
SHA1
f2e23705a6a465e8e6c7f02f3b175e2e06e84719
-
SHA256
030e0523148995ec2e91544642cacded035534ef6bf42c534336167fc96501f9
-
SHA512
0fea7f04790a53638e2cc342f2d1713ba49363c31faa36bc5698f4f18be4b8d9f5006592b775d7c4bcf6f467f43fd005b80b5b6d5ad73aa3f0bfa344f0ad90ce
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-