General
Target: 417dd0fc267b52a099e6d21e2f587448
Size: 252KB
Sample: 201117-ff5v78ch1x
MD5: d87a0b6ff3b80619eff6a91dcbbc92f2
SHA1: 2bd496d9718547ba4ff87aab82ef78e7d020b586
SHA256: bdca22b50a716ac1106fce8eb7fbb0df989bbf381329e952d16be68dc01c6477
SHA512: da4d7b6ddb9ac15f82ed0e9452e4e90e474c3b22a2b4eb859f3e34033676d1e6e117278a1c65a22ba27a3ba4199c8b5334b8d036d139a3e5071f917c8026df1e
Static task: static1
Behavioral task: behavioral1
Sample: 417dd0fc267b52a099e6d21e2f587448.exe
Resource: win7v20201028
Malware Config
Extracted: darkcomet
Campaign ID (botnet): Guest16
C2: batchlove.hopto.org:1605
Mutex: DC_MUTEX-Y0UZCZQ
InstallPath: MSDCSC\msdcsc.exe
gencode: KmnWlesUz91w
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 417dd0fc267b52a099e6d21e2f587448
Size: 252KB
MD5, SHA1, SHA256, SHA512: as listed under General
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
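The extracted config and the behavioural signatures above translate directly into host checks. The following is an added example (not part of the sandbox report, and not DarkComet's or the sandbox vendor's code) that turns them into a matcher run over a registry export, a mutex list and a list of outbound connections. The config values (C2, mutex, InstallPath, reg_key) are the ones the report extracted. Everything else is an assumption: the registry paths for the Run entry, the regedit/Task Manager policy switches and the Winlogon Userinit value are the standard Windows locations, because the report records that they are modified but does not print the paths; the root directory of the install path is not in the config either, so the match is on the path suffix; and the registry export, mutex set and connection list are constructed sample data.

```python
# Added example: host-side checks derived from the report's extracted
# DarkComet config and behavioural signatures.  Not the report's code.

# Copied from the report's "Malware Config" section.
CONFIG = {
    "c2": "batchlove.hopto.org:1605",
    "mutex": "DC_MUTEX-Y0UZCZQ",
    "install_path": r"MSDCSC\msdcsc.exe",  # relative: the report omits the root dir
    "reg_key": "MicroUpdate",
}

# Assumed locations: standard Windows paths for the behaviours the report
# lists ("Adds Run key", "Disables RegEdit/Task Manager", "Modifies WinLogon").
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def parse_reg_export(text):
    """Parse the subset of .reg syntax needed here: [key] headers followed by
    "name"=data lines.  Returns {key: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and '"=' in line:
            name, _, data = line[1:].partition('"=')
            keys[current][name] = data
    return keys


def reg_sz(data):
    """Unquote REG_SZ data as written by a .reg export; None if not a string."""
    if not (data.startswith('"') and data.endswith('"')):
        return None
    return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')


def _is_install_path(path):
    """True if a path or command line ends with the configured install path."""
    return path.strip().strip('"').lower().endswith(CONFIG["install_path"].lower())


def check_host(reg, mutexes, connections):
    """Return the matched indicators.  `reg` is parse_reg_export() output,
    `mutexes` a set of mutex names present on the host, `connections` a list
    of (hostname, port) pairs, e.g. from a DNS-correlated proxy log."""
    hits = []
    # Run value named after reg_key and pointing at the install path.
    for key in RUN_KEYS:
        cmd = reg_sz(reg.get(key, {}).get(CONFIG["reg_key"], ""))
        if cmd and _is_install_path(cmd):
            hits.append("run key %s\\%s -> %s" % (key, CONFIG["reg_key"], cmd))
    # Policy switches that disable regedit and Task Manager.
    policy = reg.get(POLICY_KEY, {})
    for name in ("DisableRegistryTools", "DisableTaskMgr"):
        if policy.get(name, "").lower() == "dword:00000001":
            hits.append("policy %s=1" % name)
    # Userinit is a comma-separated list; an extra entry after the
    # legitimate userinit.exe that points at the install path is the tell.
    userinit = reg_sz(reg.get(WINLOGON_KEY, {}).get("Userinit", "")) or ""
    for entry in userinit.split(","):
        if entry.strip() and _is_install_path(entry):
            hits.append("winlogon Userinit -> %s" % entry.strip())
    if CONFIG["mutex"] in mutexes:
        hits.append("mutex %s" % CONFIG["mutex"])
    c2_host, c2_port = CONFIG["c2"].rsplit(":", 1)
    for host, port in connections:
        if host.lower() == c2_host and int(port) == int(c2_port):
            hits.append("c2 %s:%s" % (host, port))
    return hits


# Constructed sample data (not from the report): a trimmed .reg export of an
# infected profile, the host's mutex list, and resolved outbound flows.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
"MicroUpdate"="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"
'''
SAMPLE_MUTEXES = {"DC_MUTEX-Y0UZCZQ", "Local\\MSCTF.Asm.MutexDefault1"}
SAMPLE_CONNECTIONS = [("update.microsoft.com", 443), ("batchlove.hopto.org", 1605)]

if __name__ == "__main__":
    for hit in check_host(parse_reg_export(SAMPLE_REG), SAMPLE_MUTEXES, SAMPLE_CONNECTIONS):
        print("HIT:", hit)
```

On a real host, feed `check_host` the output of `reg export` for the three keys (note that `reg export` writes UTF-16LE, so decode with that codec before parsing), a mutex listing from a handle-enumeration tool, and connections with hostnames resolved from DNS or proxy logs rather than raw netstat IPs, since a dynamic-DNS C2 such as the one in this config can change address. A Run value that merely reuses the name MicroUpdate but points elsewhere is deliberately not reported.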