General
Target: ba44e79fa6d4eff102e72b020e38773313169a506fe122299249966c03ff5929
Size: 252KB
Sample: 201115-evc6tdmtc2
MD5: 211a09040d2cb30152089b6510fbb9f1
SHA1: df0098c310c380d37bc196e63b5fed540f64779a
SHA256: ba44e79fa6d4eff102e72b020e38773313169a506fe122299249966c03ff5929
SHA512: f89f11c1140da0798ae447e35055a3d5b948a5815dba9c1bf05b546390d74e1bfb2decf4e3e6c2f8487455e165ec2752c362b45a6ac42b43da04eed9bd35f6ff
Static task: static1
Behavioral task: behavioral1
Sample: ba44e79fa6d4eff102e72b020e38773313169a506fe122299249966c03ff5929.exe
Resource: win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ximer2020.ddns.net:1604
DC_MUTEX-4U0HFC0
InstallPath: MSDCSC\msdcsc.exe
gencode: aDFqoxfKfrcR
install: true
offline_keylogger: true
password: 82121020202222
persistence: true
reg_key: MicroUpdate
Targets
Target: ba44e79fa6d4eff102e72b020e38773313169a506fe122299249966c03ff5929
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext