General
Target: 0aff8ddb4ffe9e66e64bc83259098b2f3cceaea0524bced7751d69f6026195ec
Size: 683KB
Sample: 220530-fy5nzsecb6
MD5: 8bb19f064991f91dca466784b13e2bb3
SHA1: 517682367ad7b45ab2f4eba49bff723f033cfc6d
SHA256: 0aff8ddb4ffe9e66e64bc83259098b2f3cceaea0524bced7751d69f6026195ec
SHA512: 0752b19d991542ee5834d62b614ead5cdb90b365a5fed03a830cf57761fc00c6142d40f8f0da1bee0acb90e5f3aed14afdaa25e33b9ad132dbeec1a1c3286beb
Static task: static1
Behavioral task: behavioral1
Sample: 0aff8ddb4ffe9e66e64bc83259098b2f3cceaea0524bced7751d69f6026195ec.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: darkcomet
Campaign ID (botnet): hack
C2: dianabol89.zapto.org:1604
Mutex: DC_MUTEX-MJBT6M8
InstallPath: MSDCSC\msdcsc.exe
gencode: qtA8PLYkzZVo
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 0aff8ddb4ffe9e66e64bc83259098b2f3cceaea0524bced7751d69f6026195ec
Size: 683KB
MD5: 8bb19f064991f91dca466784b13e2bb3
SHA1: 517682367ad7b45ab2f4eba49bff723f033cfc6d
SHA256: 0aff8ddb4ffe9e66e64bc83259098b2f3cceaea0524bced7751d69f6026195ec
SHA512: 0752b19d991542ee5834d62b614ead5cdb90b365a5fed03a830cf57761fc00c6142d40f8f0da1bee0acb90e5f3aed14afdaa25e33b9ad132dbeec1a1c3286beb
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (a pattern typical of process hollowing or thread-hijacking injection)
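The extracted config and the signatures above give a practitioner a concrete set of host indicators: the Run value `MicroUpdate`, the install path `MSDCSC\msdcsc.exe`, the mutex `DC_MUTEX-MJBT6M8`, the C2 `dianabol89.zapto.org:1604`, and a Winlogon modification. The following Python script is an added example, not part of the sandbox report or of any tool it uses: it turns those indicators into hunting checks over constructed host artifacts. The input line formats are assumptions modelled on `reg query` output, Sysmon-style DNS query lines, `netstat -ano` rows and a handle listing; the user paths, PIDs and IP addresses in the samples are made up. The report does not say which Winlogon value the sample changes, so the script compares both `Userinit` and `Shell` against an assumed clean Windows 7 baseline and flags any extra entries.

```python
"""Hunting checks built from the DarkComet indicators in the report above.

Added example, not sandbox output. Input formats are constructed to resemble
`reg query`, Sysmon DNS lines, `netstat -ano` rows and a handle listing.
"""
import re
from typing import Dict, List, Tuple

# Indicators taken from the extracted config and signatures above
C2_HOST = "dianabol89.zapto.org"
C2_PORT = 1604
MUTEX = "DC_MUTEX-MJBT6M8"
RUN_VALUE_NAME = "MicroUpdate"
INSTALL_PATH_TAIL = r"msdcsc\msdcsc.exe"  # from InstallPath MSDCSC\msdcsc.exe

# Assumption: clean Windows 7 Winlogon values. The report only says Winlogon is
# modified, so both commonly abused values are compared against this baseline.
WINLOGON_BASELINE = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}

Finding = Tuple[str, str]  # (check name, detail)


def parse_reg_query(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Parse `reg query`-style output into {key_path: {value_name: data}}."""
    tree: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):  # key path line
            current = line
            tree.setdefault(current, {})
            continue
        if current is None:
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=2)  # name  type  data
        if len(parts) == 3:
            tree[current][parts[0]] = parts[2]
    return tree


def check_registry(lines: List[str]) -> List[Finding]:
    """Flag the MicroUpdate Run value / msdcsc.exe path and Winlogon additions."""
    findings: List[Finding] = []
    for key, values in parse_reg_query(lines).items():
        key_l = key.lower()
        if key_l.endswith(r"\currentversion\run"):
            for name, data in values.items():
                if name.lower() == RUN_VALUE_NAME.lower() or data.lower().endswith(INSTALL_PATH_TAIL):
                    findings.append(("run_key", f"{key}\\{name} = {data}"))
        elif key_l.endswith(r"\currentversion\winlogon"):
            for name, data in values.items():
                baseline = WINLOGON_BASELINE.get(name.lower())
                if baseline is None:
                    continue
                entries = {e.strip().lower() for e in data.split(",") if e.strip()}
                extra = sorted(entries - baseline)
                if extra:
                    findings.append(("winlogon", f"{name} has extra entries: {extra}"))
    return findings


def check_network(dns_lines: List[str], conn_lines: List[str]) -> List[Finding]:
    """Flag DNS lookups of the C2 host and TCP sessions to the C2 port (weak on its own)."""
    findings: List[Finding] = []
    host_re = re.compile(r"\b" + re.escape(C2_HOST) + r"\b", re.IGNORECASE)
    findings += [("c2_dns", l.strip()) for l in dns_lines if host_re.search(l)]
    for line in conn_lines:  # netstat -ano: proto local remote state pid
        parts = line.split()
        if len(parts) >= 3 and parts[0].upper() == "TCP" and parts[2].rsplit(":", 1)[-1] == str(C2_PORT):
            findings.append(("c2_port", line.strip()))
    return findings


def check_mutexes(handle_lines: List[str]) -> List[Finding]:
    """Flag any Mutant object whose name is the DarkComet mutex from the config."""
    return [("mutex", l.strip()) for l in handle_lines if l.strip().endswith(MUTEX)]


def hunt(reg: List[str], dns: List[str], conns: List[str], handles: List[str]) -> List[Finding]:
    return check_registry(reg) + check_network(dns, conns) + check_mutexes(handles)


# Constructed sample artifacts (paths, PIDs and IPs are made up for illustration)
REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
    MicroUpdate    REG_SZ    C:\Users\victim\Documents\MSDCSC\msdcsc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe
""".splitlines()
DNS_LOG = [
    r"2022-05-30 14:02:11 Image=C:\Windows\explorer.exe QueryName=www.microsoft.com QueryStatus=0",
    r"2022-05-30 14:02:40 Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe QueryName=dianabol89.zapto.org QueryStatus=0",
]
CONNECTIONS = [
    "TCP    10.0.0.5:49211    203.0.113.7:1604      ESTABLISHED    1337",
    "TCP    10.0.0.5:49212    198.51.100.20:443     ESTABLISHED    2040",
]
HANDLES = [
    r"msdcsc.exe pid: 1337 type: Mutant \Sessions\1\BaseNamedObjects\DC_MUTEX-MJBT6M8",
    r"explorer.exe pid: 2040 type: Mutant \Sessions\1\BaseNamedObjects\ExplorerIsShellMutex",
]

if __name__ == "__main__":
    for check, detail in hunt(REG_QUERY, DNS_LOG, CONNECTIONS, HANDLES):
        print(f"[{check}] {detail}")
```

The port check is deliberately the weakest signal: 1604 is DarkComet's default but nothing stops a builder from changing it, so treat a `c2_port` hit as corroboration for a DNS, mutex or registry match rather than as evidence on its own. For a live host, feed the functions the real `reg query`, Sysmon and `netstat -ano` output instead of the constructed lists.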