General
Target: cee4e670f5caa5f4da865a0d00549f261382aa383c0debc1f7a4d0cd183ddd9e
Size: 690KB
Sample: 210922-rl1eaachh4
MD5: 723baed58f250509d277de75a3178be8
SHA1: d5c190e5acb7f4e8d9f6286e4f48fa9bfcd1325c
SHA256: cee4e670f5caa5f4da865a0d00549f261382aa383c0debc1f7a4d0cd183ddd9e
SHA512: 01af4ae85aad93e59cc93f82f82c2fc8f7b4f9166a7abdcb32b85dfd417dd379064aead960746b51d0f147fdec64ea261470de31e6fb67add96836a0651c954b
Behavioral task
behavioral1
Sample: cee4e670f5caa5f4da865a0d00549f261382aa383c0debc1f7a4d0cd183ddd9e.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID): Guest16
C2: fantomazzz.ddns.net:1604
Mutex: DC_MUTEX-H4MJNYC
InstallPath: MSDCSC\msdcsc.exe
gencode: zASJD9aEWq6M
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: cee4e670f5caa5f4da865a0d00549f261382aa383c0debc1f7a4d0cd183ddd9e (690KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies security service
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
Loads dropped DLL
Adds Run key to start application
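As an added example that is not part of the sandbox report, the Python below turns the extracted DarkComet config (C2, mutex, install path, reg_key) into host and network indicators and runs them over Sysmon-style events covering the Run-key, Winlogon/Userinit, RegEdit/Task Manager lockout and C2 signatures listed above. The event records and their field names are constructed for the example; the %AppData%\Roaming base directory is an assumption (the report only gives the relative path MSDCSC\msdcsc.exe), and the registry locations used for the Userinit, DisableTaskMgr and DisableRegistryTools checks are the standard ones behind those signature names, not values the report prints.

```python
import re

# Values copied from the report's extracted config.
CONFIG = {
    "c2_host": "fantomazzz.ddns.net",
    "c2_port": 1604,
    "mutex": "DC_MUTEX-H4MJNYC",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Standard registry locations behind the report's persistence / tamper
# signatures. They are matched as case-insensitive suffixes so that
# HKCU vs HKU\<SID> and SOFTWARE vs Software both hit.
RUN_KEY_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Run\{}"
USERINIT_SUFFIX = r"\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
POLICY_SUFFIX = r"\Microsoft\Windows\CurrentVersion\Policies\System\{}"


def build_indicators(config):
    """Derive the host/network artefacts to hunt for from the extracted config."""
    return {
        "run_key": RUN_KEY_SUFFIX.format(config["reg_key"]).lower(),
        "userinit": USERINIT_SUFFIX.lower(),
        "disable_taskmgr": POLICY_SUFFIX.format("DisableTaskMgr").lower(),
        "disable_regedit": POLICY_SUFFIX.format("DisableRegistryTools").lower(),
        "install_path": config["install_path"].lower(),
        "mutex": config["mutex"],
        "c2": (config["c2_host"].lower(), config["c2_port"]),
    }


def _dword_nonzero(details):
    """True if a Sysmon-style 'DWORD (0x00000001)' detail holds a non-zero value."""
    m = re.search(r"0x([0-9a-fA-F]+)", details or "")
    return bool(m) and int(m.group(1), 16) != 0


def match_event(event, ind):
    """Return the indicator names one event hits (empty list if it looks benign)."""
    hits = []
    if event["type"] == "registry_set":
        target = event["target"].lower()
        details = event.get("details", "")
        if target.endswith(ind["run_key"]):
            hits.append("run_key")
        if target.endswith(ind["userinit"]):
            hits.append("winlogon_userinit")
        # Only a non-zero DWORD actually locks the tool out; a reset to 0 is not a hit.
        if target.endswith(ind["disable_taskmgr"]) and _dword_nonzero(details):
            hits.append("disable_taskmgr")
        if target.endswith(ind["disable_regedit"]) and _dword_nonzero(details):
            hits.append("disable_regedit")
        if ind["install_path"] in details.lower():
            hits.append("install_path")
    elif event["type"] == "network_connect":
        if (event["dest_host"].lower(), event["dest_port"]) == ind["c2"]:
            hits.append("c2")
    elif event["type"] == "mutex_create":
        if event["name"] == ind["mutex"]:
            hits.append("mutex")
    return hits


def hunt(events, ind):
    """Run every event through the indicators; keep (index, hits) for the ones that hit."""
    results = []
    for i, e in enumerate(events):
        hits = match_event(e, ind)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample events (not from the report). The base directory is assumed.
APPDATA = r"C:\Users\victim\AppData\Roaming"
DROPPED = APPDATA + "\\" + CONFIG["install_path"]
SID = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    {"type": "registry_set", "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "details": DROPPED},
    {"type": "registry_set", "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe," + DROPPED},
    {"type": "registry_set", "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"type": "registry_set", "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "details": "DWORD (0x00000001)"},
    {"type": "network_connect", "dest_host": "fantomazzz.ddns.net", "dest_port": 1604},
    {"type": "mutex_create", "name": "DC_MUTEX-H4MJNYC"},
    # Benign noise that must not hit.
    {"type": "registry_set", "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"type": "network_connect", "dest_host": "www.msftconnecttest.com", "dest_port": 80},
]

if __name__ == "__main__":
    for idx, hits in hunt(SAMPLE_EVENTS, build_indicators(CONFIG)):
        print(idx, SAMPLE_EVENTS[idx]["type"], ", ".join(hits))
```

The suffix matching is deliberate: the same DarkComet build writes its Run entry under the interactive user's hive, which shows up as HKCU in some tooling and as HKU\<SID> in Sysmon, and the Userinit value is a per-machine key that legitimate software almost never touches, so any write there is worth a look even before the dropped path is confirmed.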