General

Target: 996d745b0948add2ef943870d637afb46d4463432df4cb766509ecaa1982a35a
Size: 1.2MB
Sample: 220520-d9yzgabadn
MD5: da81c76543b3f280abfaf1c04a820c8d
SHA1: e746372c52ab53a7dcded6ffd497f10d3b84bda9
SHA256: 996d745b0948add2ef943870d637afb46d4463432df4cb766509ecaa1982a35a
SHA512: 8fe78aee184022b8a15646d1a847aed29e3bf463599d5b8b517a321cc876f53ebb170b03ccdddb2032a6ab420956bfd233c489e954044a93a4c7995ed41b3346
Static task: static1
Behavioral task: behavioral1
Sample: 996d745b0948add2ef943870d637afb46d4463432df4cb766509ecaa1982a35a.exe
Resource: win7-20220414-en
Malware Config

Extracted: darkcomet
1
C2: sadist.ddns.net:500
Mutex: DC_MUTEX-WDGJLC3
InstallPath: MSDCSC\msdcsc.exe
gencode: bg0tFwB3BTiD
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: 996d745b0948add2ef943870d637afb46d4463432df4cb766509ecaa1982a35a
Size: 1.2MB
MD5: da81c76543b3f280abfaf1c04a820c8d
SHA1: e746372c52ab53a7dcded6ffd497f10d3b84bda9
SHA256: 996d745b0948add2ef943870d637afb46d4463432df4cb766509ecaa1982a35a
SHA512: 8fe78aee184022b8a15646d1a847aed29e3bf463599d5b8b517a321cc876f53ebb170b03ccdddb2032a6ab420956bfd233c489e954044a93a4c7995ed41b3346
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
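The extracted configuration and the persistence signatures above are exactly the data an incident responder turns into host and network checks. The script below is an added example, not part of the sandbox report and not DarkComet code: it copies the C2 host and port, mutex, InstallPath and reg_key from the Malware Config section into matchers and runs them over a few constructed telemetry lines. The line format, the assumption that the Winlogon change lands in the UserInit value, and every path, user name and IP address in the sample events are constructed for illustration and are not taken from the report.

```python
"""
Host and network triage for the DarkComet sample described above.

Added example (not part of the sandbox report, and not DarkComet code):
the values in CONFIG are copied from the extracted configuration on this
page; the telemetry line format, the Winlogon value name, and all paths,
user names and IP addresses in SAMPLE_EVENTS are constructed assumptions.
"""
import re

# Fields taken verbatim from the "Malware Config" section of this report.
CONFIG = {
    "c2_host": "sadist.ddns.net",
    "c2_port": 500,
    "mutex": "DC_MUTEX-WDGJLC3",
    "install_path": r"MSDCSC\msdcsc.exe",   # matched as a path suffix
    "reg_key": "MicroUpdate",                # Run value name
}

# Constructed telemetry, one event per line, "<type>|k=v|k=v..." (assumed format).
# Line 2 assumes the Winlogon modification targets the UserInit value; the
# report only says Winlogon is modified.
SAMPLE_EVENTS = r"""
regset|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|name=MicroUpdate|data=C:\Users\bob\Documents\MSDCSC\msdcsc.exe
regset|key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|name=UserInit|data=C:\Windows\system32\userinit.exe,C:\Users\bob\Documents\MSDCSC\msdcsc.exe
mutex|name=DC_MUTEX-WDGJLC3
proc|image=C:\Users\bob\Documents\MSDCSC\msdcsc.exe|parent=C:\Users\bob\Downloads\invoice.exe
dns|query=sadist.ddns.net
net|dst=203.0.113.7|port=500
regset|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|name=OneDrive|data=C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe
proc|image=C:\Windows\System32\notepad.exe|parent=C:\Windows\explorer.exe
""".strip()

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
WINLOGON_KEY = re.compile(r"\\CurrentVersion\\Winlogon$", re.IGNORECASE)

# Indicators that on their own justify an "infected" verdict. A bare connection
# to port 500 is excluded on purpose: without the resolved C2 address it is a
# weak signal (UDP/500 is ordinary IKE traffic, and the port is not unique).
STRONG = {"run_key", "winlogon_persistence", "mutex", "install_path_exec", "c2_dns"}


def parse(line):
    """Split 'type|k=v|k=v' into a dict; values may themselves contain '='."""
    kind, *fields = line.split("|")
    event = {"type": kind}
    for f in fields:
        k, _, v = f.partition("=")
        event[k] = v
    return event


def match_event(event, cfg=CONFIG):
    """Return the list of config-derived indicators this single event satisfies."""
    path = cfg["install_path"].lower()
    hits = []
    kind = event["type"]
    if kind == "regset":
        key = event.get("key", "")
        data = event.get("data", "").lower()
        # Run value named as in reg_key (the "Adds Run key" signature).
        if RUN_KEY.search(key) and event.get("name", "").lower() == cfg["reg_key"].lower():
            hits.append("run_key")
        # Install path written under Winlogon (the "Modifies WinLogon" signature).
        if WINLOGON_KEY.search(key) and path in data:
            hits.append("winlogon_persistence")
        # Install path written anywhere else in the registry: still worth a look.
        if path in data and not hits:
            hits.append("install_path_in_registry")
    elif kind == "mutex" and event.get("name") == cfg["mutex"]:
        hits.append("mutex")
    elif kind == "proc" and event.get("image", "").lower().endswith(path):
        hits.append("install_path_exec")
    elif kind == "dns" and event.get("query", "").lower().rstrip(".") == cfg["c2_host"]:
        hits.append("c2_dns")
    elif kind == "net" and event.get("port") == str(cfg["c2_port"]):
        hits.append("c2_port")
    return hits


def triage(text, cfg=CONFIG):
    """Run every matcher over the telemetry; returns [(line_no, indicator), ...]."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            findings.extend((n, ind) for ind in match_event(parse(line), cfg))
    return findings


def verdict(findings):
    """'infected' on any strong indicator, 'suspicious' on weak ones only, else 'clean'."""
    indicators = {ind for _, ind in findings}
    if indicators & STRONG:
        return "infected"
    return "suspicious" if indicators else "clean"


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for n, ind in found:
        print(f"line {n}: {ind}")
    print("verdict:", verdict(found))
```

The matchers deliberately use the relative InstallPath as a suffix and compare names case-insensitively, because the parent directory and the casing the dropper uses on a given host are not fixed by the config. The mutex name and the dynamic-DNS C2 host are the highest-confidence indicators here; the gencode is a builder artefact rather than something observable on a host and so is not matched.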