General
Target: a03f3f9f48a88f30a6826f42bff8e45565d2c058abed4a83725af7db272b216b
Size: 659KB
Sample: 210924-gx7mmagadn
MD5: 1d8488e1531d6a0b880347ac3c90aa55
SHA1: 1240d4284b9a4d30b573cf3530a70cc109426051
SHA256: a03f3f9f48a88f30a6826f42bff8e45565d2c058abed4a83725af7db272b216b
SHA512: 765a2a9d7f365ebc9c9082ea24ab9c5256b1bc44aa13596fec69c082cf0ac4a320f05ee78d7cd3df43237ac1246719dfc01d571bdf34d272141a5fb572e6388a
Behavioral task: behavioral1
Sample: a03f3f9f48a88f30a6826f42bff8e45565d2c058abed4a83725af7db272b216b.exe
Resource: win7v20210408
Malware Config
Extracted
Family: darkcomet
Botnet: Sazan
C2: carbonkarlduckdns.org:1604
Mutex: DC_MUTEX-A82WM2C
InstallPath: MSDCSC\msdcsc.exe
gencode: AYz297gj1pvL
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: a03f3f9f48a88f30a6826f42bff8e45565d2c058abed4a83725af7db272b216b
Size: 659KB
MD5: 1d8488e1531d6a0b880347ac3c90aa55
SHA1: 1240d4284b9a4d30b573cf3530a70cc109426051
SHA256: a03f3f9f48a88f30a6826f42bff8e45565d2c058abed4a83725af7db272b216b
SHA512: 765a2a9d7f365ebc9c9082ea24ab9c5256b1bc44aa13596fec69c082cf0ac4a320f05ee78d7cd3df43237ac1246719dfc01d571bdf34d272141a5fb572e6388a
- Modifies WinLogon for persistence
- Modifies firewall policy service
- suricata: ET MALWARE Zeus GameOver Possible DGA NXDOMAIN Responses
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application