General
- Target: b02479bd2f3ff635c7379a62ca54e502
- Size: 658KB
- Sample: 201214-dwj67183ln
- MD5: b02479bd2f3ff635c7379a62ca54e502
- SHA1: ab25e517492161e240093753a9fb41d8cca6aa98
- SHA256: 668b49adbd859ede384b13bfa1082ad5254df49d8841e39fcff375bf15e057ca
- SHA512: 6b767502a250ee86dbece2ea14dce930ead6b0fadf97431fbb8363bc046ef5528444f875ce9a18fde72c8a2d88271a095d559b43bd1301b397fa0f303641a312
Behavioral task: behavioral1
- Sample: b02479bd2f3ff635c7379a62ca54e502.exe
- Resource: win7v20201028
Malware Config
Extracted: darkcomet
- Guest16
- 95.31.38.1:1604
- lololoshka228.ddns.net:1604
- DC_MUTEX-QBCS1A4
- InstallPath: MSDCSC\msdcsc.exe
- gencode: NNCa8eHTowkP
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: b02479bd2f3ff635c7379a62ca54e502
- Size: 658KB
- MD5: b02479bd2f3ff635c7379a62ca54e502
- SHA1: ab25e517492161e240093753a9fb41d8cca6aa98
- SHA256: 668b49adbd859ede384b13bfa1082ad5254df49d8841e39fcff375bf15e057ca
- SHA512: 6b767502a250ee86dbece2ea14dce930ead6b0fadf97431fbb8363bc046ef5528444f875ce9a18fde72c8a2d88271a095d559b43bd1301b397fa0f303641a312

Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext