General
Target: fe33af96e241d26bfa10793a2b8fb37667c10c8b17c5f634d8d91d20d038d7b8
Size: 252KB
Sample: 201111-qk1aee1vea
MD5: a20873c234b2d2c5af626ff4e1f4c6c4
SHA1: 99064fca19c54039e58db4b611e56b80f1fbe5ec
SHA256: fe33af96e241d26bfa10793a2b8fb37667c10c8b17c5f634d8d91d20d038d7b8
SHA512: fedf17e9bc9402644b906071c27163d3e22ee6e20551cb0be0e7b8a37298909f7b3ae87a423c849d9de8cc751c892fbcee606dccd90fe031daca9daf496046dc
Static task: static1
Behavioral task: behavioral1
  Sample: fe33af96e241d26bfa10793a2b8fb37667c10c8b17c5f634d8d91d20d038d7b8.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: fe33af96e241d26bfa10793a2b8fb37667c10c8b17c5f634d8d91d20d038d7b8.exe
  Resource: win10v20201028
Malware Config
Extracted: darkcomet
Campaign ID: Guest16
C2: ximer2020.ddns.net:1604
Mutex: DC_MUTEX-4U0HFC0
InstallPath: MSDCSC\msdcsc.exe
gencode: aDFqoxfKfrcR
install: true
offline_keylogger: true
password: 82121020202222
persistence: true
reg_key: MicroUpdate
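How a config block like the one above is recovered from a DarkComet stub, as an added example that is not the sandbox's extractor nor any code from the DarkComet project. It assumes (none of this is stated in the report) that DarkComet stores its settings as one KEY={value} line per field, each line RC4-encrypted with a version-specific key string such as "#KCMDDC51#-890" and hex-encoded, and that DarkComet's own field names (SID, NETDATA, MUTEX, EDTPATH, GENCODE, INSTALL, OFFLINEK, PWD, PERSINST, KEYNAME) map onto the labels shown above. The ciphertext is constructed inside the script by encrypting the values from this report, so it runs offline without the sample; the Documents-folder install location in host_iocs is likewise an assumption.

```python
"""Added example: decode a DarkComet-style config into the fields shown above.
Assumed format (not from the report): one "KEY={value}" line per setting, each
RC4-encrypted with a version-specific key and hex-encoded, lines CRLF-joined.
The ciphertext is constructed here from the report's values, so it runs offline.
"""
import binascii

# Version-specific RC4 keys seen in DarkComet builds, newest first
# (assumption: the list commonly published by open-source decoders).
RC4_KEYS = ["#KCMDDC51#-890", "#KCMDDC5#-890", "#KCMDDC42F#-890",
            "#KCMDDC42#-890", "#KCMDDC4#-890", "#KCMDDC2#-890"]

# DarkComet config key -> label used in the report above (assumed mapping).
FIELD_MAP = {
    "SID": "campaign", "NETDATA": "c2", "MUTEX": "mutex",
    "EDTPATH": "InstallPath", "GENCODE": "gencode", "INSTALL": "install",
    "OFFLINEK": "offline_keylogger", "PWD": "password",
    "PERSINST": "persistence", "KEYNAME": "reg_key",
}

# Constructed input: the values this report shows, under DarkComet's key names.
SAMPLE_SETTINGS = {
    "MUTEX": "DC_MUTEX-4U0HFC0", "SID": "Guest16",
    "NETDATA": "ximer2020.ddns.net:1604", "INSTALL": "1", "PERSINST": "1",
    "KEYNAME": "MicroUpdate", "EDTPATH": "MSDCSC\\msdcsc.exe",
    "GENCODE": "aDFqoxfKfrcR", "PWD": "82121020202222", "OFFLINEK": "1",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_blob(settings: dict, key: bytes) -> bytes:
    """Constructed test input: RC4-encrypt and hex-encode each KEY={value} line."""
    lines = [f"{k}={{{v}}}".encode() for k, v in settings.items()]
    return b"\r\n".join(binascii.hexlify(rc4(key, line)).upper() for line in lines)


CONSTRUCTED_BLOB = build_blob(SAMPLE_SETTINGS, b"#KCMDDC51#-890")


def decode_config(blob: bytes) -> dict:
    """Try each known key; accept the first that yields only well-formed lines.
    A wrong key turns every line into random bytes, so demanding printable
    ASCII of the form KEY={value} on every line is enough to reject it."""
    for key in RC4_KEYS:
        parsed = {}
        for line in blob.split(b"\r\n"):
            if not line:
                continue
            try:
                plain = rc4(key.encode(), binascii.unhexlify(line)).decode("ascii")
            except (binascii.Error, UnicodeDecodeError):
                break
            if "={" not in plain or not plain.endswith("}") or not plain.isprintable():
                break
            name, value = plain.split("={", 1)
            parsed[name] = value[:-1]
        else:  # every line decrypted cleanly with this key
            if parsed:
                cfg = {FIELD_MAP.get(k, k): v for k, v in parsed.items()}
                for flag in ("install", "persistence", "offline_keylogger"):
                    cfg[flag] = cfg.get(flag) == "1"  # "1" -> true, as the report shows
                return {"rc4_key": key, **cfg}
    raise ValueError("no known DarkComet key decrypts this blob")


def host_iocs(cfg: dict) -> dict:
    """Derive sweepable artefacts from the decoded config. Assumption: the
    relative InstallPath is created under the user's Documents folder."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "mutex": cfg["mutex"],
        "run_value_name": cfg["reg_key"],
        "install_path": "%USERPROFILE%\\Documents\\" + cfg["InstallPath"],
        "c2_host": host,
        "c2_port": int(port),
    }


if __name__ == "__main__":
    decoded = decode_config(CONSTRUCTED_BLOB)
    for k, v in decoded.items():
        print(f"{k}: {v}")
    print(host_iocs(decoded))
```

Against a real stub the blob would come from the binary's resource section rather than from build_blob; the decode path is the same. Trying keys newest-first matters only for speed, since the well-formedness check rejects wrong keys deterministically.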
Targets
Target: fe33af96e241d26bfa10793a2b8fb37667c10c8b17c5f634d8d91d20d038d7b8
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext