General
-
Target
a20873c234b2d2c5af626ff4e1f4c6c4
-
Size
252KB
-
Sample
201117-b7vd9t4xnx
-
MD5
0a6d39443f4e9faebb2675ff08435bc7
-
SHA1
6a70c0db2a49e608b456e615cbf734d6df93a5dd
-
SHA256
dc659e2a3ae9c87215da2d9ad649553c5471987a7b4e143226a8142fb934f52d
-
SHA512
68d7271a822d2b1307bba0ab80a8eace0c56f33195bdef076bcbcac44eaaf3459b71da832cad49f1512516b862b536cce6a8c2ee50700bbba6ecc100e358ab5a
Static task
static1
Behavioral task
behavioral1
Sample
a20873c234b2d2c5af626ff4e1f4c6c4.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ximer2020.ddns.net:1604
DC_MUTEX-4U0HFC0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
aDFqoxfKfrcR
-
install
true
-
offline_keylogger
true
-
password
82121020202222
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
a20873c234b2d2c5af626ff4e1f4c6c4
-
Size
252KB
-
MD5
0a6d39443f4e9faebb2675ff08435bc7
-
SHA1
6a70c0db2a49e608b456e615cbf734d6df93a5dd
-
SHA256
dc659e2a3ae9c87215da2d9ad649553c5471987a7b4e143226a8142fb934f52d
-
SHA512
68d7271a822d2b1307bba0ab80a8eace0c56f33195bdef076bcbcac44eaaf3459b71da832cad49f1512516b862b536cce6a8c2ee50700bbba6ecc100e358ab5a
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-