General
-
Target
136a7ffea17fe69ac90d7af6ec1f17ff41bb8ce09bc8c28bd4d331861285ff5b
-
Size
252KB
-
Sample
201113-lxqybspzle
-
MD5
8ac0a60849f224af190f126a5222788f
-
SHA1
afd425ae211d493f85227cb05929d2784345f4b3
-
SHA256
136a7ffea17fe69ac90d7af6ec1f17ff41bb8ce09bc8c28bd4d331861285ff5b
-
SHA512
928932ee4910fecbeee60052f81235c5a8fb6e0a8f20873f4db98e22559b9134d4d33b27f654a613880eb4df5bbe3d10930e0e6f57ebc60cb78494a8b5214d02
Static task
static1
Behavioral task
behavioral1
Sample
136a7ffea17fe69ac90d7af6ec1f17ff41bb8ce09bc8c28bd4d331861285ff5b.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ximer2020.ddns.net:1604
DC_MUTEX-4U0HFC0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
aDFqoxfKfrcR
-
install
true
-
offline_keylogger
true
-
password
82121020202222
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
136a7ffea17fe69ac90d7af6ec1f17ff41bb8ce09bc8c28bd4d331861285ff5b
-
Size
252KB
-
MD5
8ac0a60849f224af190f126a5222788f
-
SHA1
afd425ae211d493f85227cb05929d2784345f4b3
-
SHA256
136a7ffea17fe69ac90d7af6ec1f17ff41bb8ce09bc8c28bd4d331861285ff5b
-
SHA512
928932ee4910fecbeee60052f81235c5a8fb6e0a8f20873f4db98e22559b9134d4d33b27f654a613880eb4df5bbe3d10930e0e6f57ebc60cb78494a8b5214d02
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-