General
Target: 94c3f397f31b5cc0873ba528bffc2ba819c0ed2b438da708c76be809ff5146b9
Size: 799KB
Sample: 220520-d9zk1agcd2
MD5: ad17be0fa6b5e33cf22e87471c82f19f
SHA1: 0de39773d353df098a33c7ff214d4f18900286cc
SHA256: 94c3f397f31b5cc0873ba528bffc2ba819c0ed2b438da708c76be809ff5146b9
SHA512: 1c7c962777b4b2164177ee884fe425f15235666c60c2e3d85879954536dc90bf293fdd74d3b68d4a9b4ae4b9d0da38cfeeb07c34c8846e06f001266b6066eac1
Static task: static1
Behavioral task: behavioral1
Sample: Result.jpg.exe
Resource: win7-20220414-en
Malware Config
Extracted: darkcomet
  1
  sadist.ddns.net:500
  DC_MUTEX-WDGJLC3
InstallPath: MSDCSC\msdcsc.exe
gencode: bg0tFwB3BTiD
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: Result.jpg.exe
Size: 1.2MB
MD5: da81c76543b3f280abfaf1c04a820c8d
SHA1: e746372c52ab53a7dcded6ffd497f10d3b84bda9
SHA256: 996d745b0948add2ef943870d637afb46d4463432df4cb766509ecaa1982a35a
SHA512: 8fe78aee184022b8a15646d1a847aed29e3bf463599d5b8b517a321cc876f53ebb170b03ccdddb2032a6ab420956bfd233c489e954044a93a4c7995ed41b3346
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext