General
-
Target
b12ebd9263108e9344610b6f3b458744f9dd1bc365bbf72b753a4d2e459587e7
-
Size
252KB
-
Sample
220520-3nsyrscbcr
-
MD5
b780e5c2aa4465ca48aa5f41ce4adf7f
-
SHA1
efda9481424c4d88f2c4a78742db1cf5b05ff8a2
-
SHA256
b12ebd9263108e9344610b6f3b458744f9dd1bc365bbf72b753a4d2e459587e7
-
SHA512
1bfe4bcd73cb1ce0681da7e6fc58757b1e5c024d3cffbbc4d58f8976d724b9850ab9b0445541d6f114109f74d683d73836a3c9f511ee7ad54a9b8cb31b0d9367
Behavioral task
behavioral1
Sample
b12ebd9263108e9344610b6f3b458744f9dd1bc365bbf72b753a4d2e459587e7.exe
Resource
win7-20220414-en
Malware Config
Extracted
darkcomet
Guest16
kamshotivanich.ddns.net:1604
kamshotivanich.ddns.net:27015
DC_MUTEX-V8J7YF5
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
sBdxvB5tQ4PB
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
b12ebd9263108e9344610b6f3b458744f9dd1bc365bbf72b753a4d2e459587e7
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-