General
-
Target
4f66e8cd1ac8e685e39c3ed2b1b8cb99525fde8bd36921afe2456f9c9ea31fb1
-
Size
251KB
-
Sample
201113-gkgzfcfkq6
-
MD5
44fa6d3ed60372a6e2fc42a8d37d1a0f
-
SHA1
b37f23945917b4a32e20f8e0760a002164f39e85
-
SHA256
4f66e8cd1ac8e685e39c3ed2b1b8cb99525fde8bd36921afe2456f9c9ea31fb1
-
SHA512
1bfde61583860f33e2375cfcd0e9fcfa334520db541e47281f8d5e188ea5a0c978f4153b5bcc1a5304a7a187910d2c0dba777bd724b39ccb2bdf862f2843f63b
Static task
static1
Behavioral task
behavioral1
Sample
4f66e8cd1ac8e685e39c3ed2b1b8cb99525fde8bd36921afe2456f9c9ea31fb1.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Sazan
127.0.0.1:1604
DC_MUTEX-FG9B2GA
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
j5zPqt9UKPk3
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
4f66e8cd1ac8e685e39c3ed2b1b8cb99525fde8bd36921afe2456f9c9ea31fb1
-
Size
251KB
-
MD5
44fa6d3ed60372a6e2fc42a8d37d1a0f
-
SHA1
b37f23945917b4a32e20f8e0760a002164f39e85
-
SHA256
4f66e8cd1ac8e685e39c3ed2b1b8cb99525fde8bd36921afe2456f9c9ea31fb1
-
SHA512
1bfde61583860f33e2375cfcd0e9fcfa334520db541e47281f8d5e188ea5a0c978f4153b5bcc1a5304a7a187910d2c0dba777bd724b39ccb2bdf862f2843f63b
-
Modifies WinLogon for persistence
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-