General
-
Target
e16b54b0e20b5fa20f57623f6ae72f0afd9f7d1857e880db71e2a4c468f519d2
-
Size
663KB
-
Sample
220129-z5qceshefr
-
MD5
20cd25a7bce759a071678bdf8ec7d7bd
-
SHA1
a486797a9e14fdaa1ca29a41510a7a431edb759d
-
SHA256
e16b54b0e20b5fa20f57623f6ae72f0afd9f7d1857e880db71e2a4c468f519d2
-
SHA512
5fd7c87832d1868c0cbb8b3bbc6bfb7082b46f68a6b37516602905f6ec0815f9c4f738d4de3dd62b49d10986f15569dcc5c4f2d6a503961c7fb36beeaacd1b1f
Behavioral task
behavioral1
Sample
e16b54b0e20b5fa20f57623f6ae72f0afd9f7d1857e880db71e2a4c468f519d2.exe
Resource
win7-en-20211208
Malware Config
Extracted
darkcomet
Zombie
darkdaniblack.no-ip.biz:1604
DC_MUTEX-2F47BJV
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
GkM9fiMqtYcs
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
e16b54b0e20b5fa20f57623f6ae72f0afd9f7d1857e880db71e2a4c468f519d2
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-