General
- Target: 87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3
- Size: 252KB
- Sample: 220521-xy1hpscgf2
- MD5: 32307c24db9052003547acd8c7814a09
- SHA1: 1804e608aef820e4b344e996dbad49276cc237b5
- SHA256: 87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3
- SHA512: 7e3db616a5e1e25eb2b94a8a537c90b657f99fa92471c38108eb0e859476a6e5adecfe3ef46da9729cc3605a79c694f74a2a923b4f6e5f9bc5d5515186bca596
Behavioral task: behavioral1
- Sample: 87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3.exe
- Resource: win7-20220414-en
Malware Config
Extracted:
- darkcomet
- Guest16
- kualomakalo.ddns.net:1604
- DC_MUTEX-3L7FTLT
- InstallPath: MSDCSC\msdcsc.exe
- gencode: stDkxmBCbxzB
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 87e1433bec2bd9d8fdc02e52d03d29005b82546996d045068ffce11088a660c3
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application