General
-
Target
fbd78d103581e7d9a8298347fcb87cdb3176eb7538f027da928487ed0cc47e3c
-
Size
1.8MB
-
Sample
220524-tn6p7ahbd9
-
MD5
f4d912030fe9d04e7bfe339b6f4924f8
-
SHA1
1e160913f92776ae15b2fb1ab813017c8142bb6f
-
SHA256
fbd78d103581e7d9a8298347fcb87cdb3176eb7538f027da928487ed0cc47e3c
-
SHA512
fe6aabef7d75917a4ac794a731ca2b6192c85d5063d2e6f2ea735d2d25db62c1671edc46b9c427af2d030f0c865c8f488cb41bfc55f01dd10eb31e9a5f49c00d
Behavioral task
behavioral1
Sample
fbd78d103581e7d9a8298347fcb87cdb3176eb7538f027da928487ed0cc47e3c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
fbd78d103581e7d9a8298347fcb87cdb3176eb7538f027da928487ed0cc47e3c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
darkcomet
Sazan
ak47pr0fessi.duckdns.org:1604
DC_MUTEX-KHNPN9J
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
GHG77GpMyW6R
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
fbd78d103581e7d9a8298347fcb87cdb3176eb7538f027da928487ed0cc47e3c
-
Size
1.8MB
-
MD5
f4d912030fe9d04e7bfe339b6f4924f8
-
SHA1
1e160913f92776ae15b2fb1ab813017c8142bb6f
-
SHA256
fbd78d103581e7d9a8298347fcb87cdb3176eb7538f027da928487ed0cc47e3c
-
SHA512
fe6aabef7d75917a4ac794a731ca2b6192c85d5063d2e6f2ea735d2d25db62c1671edc46b9c427af2d030f0c865c8f488cb41bfc55f01dd10eb31e9a5f49c00d
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Registers COM server for autorun
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-