General
Target: eab3fbe0ffb03366b67145f3e3c49d425c373bdef029ff3602b59e9580285e6c
Size: 1.1MB
Sample: 220328-rs66eafagj
MD5: 3fe1770420f1625c60a395e91b665ea6
SHA1: 55a317a2ef7e3e18b94d69bfb86bb25c10a31a7b
SHA256: eab3fbe0ffb03366b67145f3e3c49d425c373bdef029ff3602b59e9580285e6c
SHA512: dbafbf8f46d04d3a37b22bbf2bd6c13a3b04fbe5cac7d075cc00cc1befa7db8667497fc048b96ea43286d397ec20fbf5fe35794600bf6099dc9cc6f2d4bfcb62
Static task: static1
Behavioral task: behavioral1
Sample: eab3fbe0ffb03366b67145f3e3c49d425c373bdef029ff3602b59e9580285e6c.exe
Resource: win7-20220311-en
Malware Config
Extracted
darkcomet
Sazan
adm44.duckdns.org:1604
DC_MUTEX-5LRPLCA
InstallPath: MSDCSC\msdcsc.exe
gencode: ADsR0jwEcc6b
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application