General
-
Target
13a9b67591848e9500b93b7e22a11e0adaee46774b55f6a3c1e543b4d7cc3fd3
-
Size
658KB
-
Sample
220630-vjhcgaehd7
-
MD5
c46b0c1ead56ed1933dd375b6b22e1f2
-
SHA1
97f05c8a9847e8e396d5916deb831466111ae2a4
-
SHA256
13a9b67591848e9500b93b7e22a11e0adaee46774b55f6a3c1e543b4d7cc3fd3
-
SHA512
83cbc641d4a32cb2e8a92c5bb8a7e57e024be7ce977896997cff70e9cb307f7038a40085192d0160058fb195e49e817dcf2cc19286773121a4ec9b2a1e41681c
Behavioral task
behavioral1
Sample
13a9b67591848e9500b93b7e22a11e0adaee46774b55f6a3c1e543b4d7cc3fd3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
13a9b67591848e9500b93b7e22a11e0adaee46774b55f6a3c1e543b4d7cc3fd3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
darkcomet
Sazan
85.98.17.207:1604
DC_MUTEX-T147BU8
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
LMpE3BXrLHns
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
JokerRinaHack
Targets
-
Target
13a9b67591848e9500b93b7e22a11e0adaee46774b55f6a3c1e543b4d7cc3fd3
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-