General
  Target: a404b48584bf31dce8ddd6eda479abad10abd78b90d7905d2d2064155729d70c
  Size:   742KB
  Sample: 220520-pwc1maegck
  MD5:    7b4ad9815aa9ffb197aa5ba3a545136e
  SHA1:   811fc574e57f7d4de796d8e3e1b090f7fb8a3ff6
  SHA256: a404b48584bf31dce8ddd6eda479abad10abd78b90d7905d2d2064155729d70c
  SHA512: adf05818c131811f40b6b24c376a4861d5e292144647b5d1383d110a6db9120e92a4847b0ab2363378ff1aead7b9281e546e600049b98d7297bdb8cdf1cfbe28
Behavioral task: behavioral1
  Sample:   a404b48584bf31dce8ddd6eda479abad10abd78b90d7905d2d2064155729d70c.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample:   a404b48584bf31dce8ddd6eda479abad10abd78b90d7905d2d2064155729d70c.exe
  Resource: win10v2004-20220414-en
Malware Config (extracted)
  Family: darkcomet
  Botnet: Sazan
  C2:     192.168.1.105:1604
  Mutex:  DC_MUTEX-KWRE19J
  Attributes:
    InstallPath:      MSDCSC\msdcsc.exe
    gencode:          dhFX5VGm1dAU
    install:          true
    offline_keylogger: true
    persistence:      false
    reg_key:          MicroUpdate
Targets
  Target: a404b48584bf31dce8ddd6eda479abad10abd78b90d7905d2d2064155729d70c (742KB; hashes as listed under General)
  Score:  10/10

  Signatures triggered:
    - Modifies WinLogon for persistence
    - Executes dropped EXE
    - Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    - Loads dropped DLL
    - Adds Run key to start application