General
-
Target
f.bin
-
Size
658KB
-
Sample
210108-rl53n3fa7e
-
MD5
3b6f11e1bfcb6137f555399ce5e5fec6
-
SHA1
dbfe47ed7e9842b0a9014c11b7146c38963882c5
-
SHA256
1c876d45db060f5be86ab9a13496c0b280d3c6031f00bb4ffebae99566a9249b
-
SHA512
6d6b338a395cc42d527cee0dd06f051b86e7d135b764c6d7619eae0a9dba0e687e0578ff64d83ac7284fea1e727a6695a7e3d065e86d45b01cb81befeab89715
Behavioral task
behavioral1
Sample
f.bin.exe
Resource
win7v20201028
Malware Config
Extracted
darkcomet
Guest16
ImagineTyingToGetMyIp-31268.portmap.host:31268
DC_MUTEX-B1A8DEL
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
ZyDv1EUeB9PM
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
f.bin
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-