General

Target: 2b4a79e25992395c0aefec0702088ec365f731dfeaf42a61fb910e2012f396d0
Size: 253KB
Sample: 220520-2vyxxsbafr
MD5: 8042e161f29f7611e479358616ebce90
SHA1: 9e66839a0b7175ed89cc3f415979aa20f13caf71
SHA256: 2b4a79e25992395c0aefec0702088ec365f731dfeaf42a61fb910e2012f396d0
SHA512: 0d473b8ef9e8e3ab14aca1bd7ac18cd61be22ee8d6ef59feceff8028a34319afd80c20b8efcd965692e4b12353c62d685680bb2af20b5de9fe45cbce3e6b5e2d
Behavioral task

Task: behavioral1
Sample: 2b4a79e25992395c0aefec0702088ec365f731dfeaf42a61fb910e2012f396d0.exe
Resource: win7-20220414-en (Windows 7, English-language analysis image)
Malware Config

Family: darkcomet (configuration extracted from the sample)
ID: Guest16 (DarkComet's default campaign ID, left unchanged by the operator)
C2:
  rochustoad.ddns.net:1604
  rochustoad.ddns.net:27015
  176.100.120.27:27015
  176.100.120.27:1604
The controller is reachable both through a dynamic-DNS hostname and directly by IP, on two ports; 1604 is DarkComet's default listener port. Hunting and blocking should cover all four host:port pairs, not just the hostname.
Mutex: DC_MUTEX-3G9F3VY

Attributes:
  InstallPath: MSDCSC\msdcsc.exe (path the payload copies itself to on install)
  gencode: Am7F7zgdwCsR
  install: true
  offline_keylogger: false
  persistence: false
  reg_key: MicroUpdate (value name used for the startup registry entry)
Targets

Target: 2b4a79e25992395c0aefec0702088ec365f731dfeaf42a61fb910e2012f396d0 (253KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures observed in the behavioral run:

- Modifies WinLogon for persistence: writes to the Winlogon registry key (typically the Userinit value) so the payload is launched at every logon.
- Modifies firewall policy service: changes the Windows Firewall policy configuration held in the registry.
- Modifies security service: changes the configuration of a Windows security service (typically Security Center).
- Disables RegEdit via registry modification: sets the DisableRegistryTools policy value so the user cannot inspect or undo the registry changes.
- Disables Task Manager via registry modification: sets the DisableTaskMgr policy value so the user cannot see or kill the process.
- Executes dropped EXE: runs the copy it wrote to disk (the MSDCSC\msdcsc.exe install path from the config).
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL.
- Adds Run key to start application: writes a Run key value (named MicroUpdate, per reg_key in the config) pointing at the installed copy.

Note that the extracted config reports persistence: false while the sandbox still observed Run key and Winlogon changes. In the DarkComet builder the persistence option is a separate "restart if the process is killed or the file is removed" setting, distinct from the startup entries, so a false value does not mean the sample fails to survive a reboot.
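The config block and the signature list above are what a responder turns into host and network indicators. The following is an added example, not part of the sandbox report or of any DarkComet tooling: it parses a constructed copy of this page's config into a dict, derives IOCs from it, and matches them against constructed host events. The registry locations mapped to the signature names (Policies\System DisableTaskMgr/DisableRegistryTools, Winlogon Userinit, the CurrentVersion\Run value) are this example's assumption about what those signatures check, not text from the page; the event records and the non-matching decoy events are constructed.

```python
import re

# Constructed copy of the config as this page lists it (values from the page,
# in the flattened "key value" form the sandbox report uses).
RAW_CONFIG = """\
darkcomet
Guest16
rochustoad.ddns.net:1604
rochustoad.ddns.net:27015
176.100.120.27:27015
176.100.120.27:1604
DC_MUTEX-3G9F3VY
InstallPath MSDCSC\\msdcsc.exe
gencode Am7F7zgdwCsR
install true
offline_keylogger false
persistence false
reg_key MicroUpdate
"""

C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


def parse_config(text):
    """Parse the flattened config into family, campaign ID, C2 pairs, mutex and attributes."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = {"family": lines[0], "id": lines[1], "c2": [], "mutex": None, "attributes": {}}
    for line in lines[2:]:
        m = C2_RE.match(line)
        if m:
            cfg["c2"].append((m["host"], int(m["port"])))
        elif line.startswith("DC_MUTEX-"):
            cfg["mutex"] = line
        else:
            key, _, value = line.partition(" ")
            cfg["attributes"][key] = {"true": True, "false": False}.get(value, value)
    return cfg


def iocs_from_config(cfg):
    """Reduce the config to the artifacts a host or network sensor can see."""
    attrs = cfg["attributes"]
    return {
        "c2": set(cfg["c2"]),                                   # exact host:port pairs
        "mutex": cfg["mutex"],
        "install_path": attrs.get("InstallPath", "").lower(),   # matched as a path suffix
        "run_value": attrs.get("reg_key"),                      # Run value name
    }


# Assumed registry locations behind the page's signature names (hive stripped,
# lower-cased); an assumption of this example, not text from the report.
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
REG_SIGNATURES = {
    (POLICY_KEY, "disableregistrytools"): "Disables RegEdit via registry modification",
    (POLICY_KEY, "disabletaskmgr"): "Disables Task Manager via registry modification",
    (r"software\microsoft\windows nt\currentversion\winlogon", "userinit"): "Modifies WinLogon for persistence",
}


def match_events(iocs, events):
    """Return (label, event) pairs for events that hit a config IOC or a registry signature."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "net" and (ev["dst"], ev["dport"]) in iocs["c2"]:
            hits.append(("c2_connection", ev))
        elif kind == "mutex" and ev["name"] == iocs["mutex"]:
            hits.append(("c2_mutex", ev))
        elif kind == "file" and iocs["install_path"] and ev["path"].lower().endswith(iocs["install_path"]):
            hits.append(("install_path", ev))
        elif kind == "reg":
            key = ev["key"].split("\\", 1)[-1].lower()   # drop HKCU/HKLM
            value = ev["value"].lower()
            if key.endswith(r"currentversion\run") and ev["value"] == iocs["run_value"]:
                hits.append(("run_key", ev))
            elif (key, value) in REG_SIGNATURES:
                hits.append((REG_SIGNATURES[(key, value)], ev))
    return hits


# Constructed host events, not from the sandbox run; two are decoys that must not match.
EVENTS = [
    {"type": "net", "dst": "176.100.120.27", "dport": 1604},
    {"type": "net", "dst": "176.100.120.27", "dport": 80},          # port not in config
    {"type": "mutex", "name": "DC_MUTEX-3G9F3VY"},
    {"type": "file", "path": r"C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"type": "reg", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "MicroUpdate", "data": r"C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"type": "reg", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "DisableTaskMgr", "data": "1"},
    {"type": "reg", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"type": "reg", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]


def triage():
    """Run the page's config against the constructed events and return the hit labels."""
    cfg = parse_config(RAW_CONFIG)
    return [label for label, _ in match_events(iocs_from_config(cfg), EVENTS)]


if __name__ == "__main__":
    for label in triage():
        print(label)
```

The C2 match is on exact host:port pairs rather than host alone, which avoids flagging unrelated traffic to the dynamic-DNS provider while still covering the IP-only connections the config lists; the install path is matched as a suffix because the base directory is chosen at install time and is not in the config.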