General
-
Target
46b620f55c618725f4bbf2889e0427d819804ec89263efb836e800118160d940
-
Size
308KB
-
Sample
220707-jswexafgbq
-
MD5
a7495ebd5b117c20f373a1769534470a
-
SHA1
2fa33f0113d280d0aaa73e94e79a4c02fa78e788
-
SHA256
46b620f55c618725f4bbf2889e0427d819804ec89263efb836e800118160d940
-
SHA512
363385c5726ad38918e5769c668feb4cf4e42f8a6dab847f25d452c56d92d1934f2573b3a1026098fd0c67c995be6967ef3e73ce2639ded00636e30ed1d546d9
Static task
static1
Behavioral task
behavioral1
Sample
46b620f55c618725f4bbf2889e0427d819804ec89263efb836e800118160d940.exe
Resource
win7-20220414-en
Malware Config
Extracted
darkcomet
Guest16
bibl12345.ddns.net:1604
DC_MUTEX-AJ56C7W
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
Jy8jYvuQiUbf
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Windows
Targets
-
-
Target
46b620f55c618725f4bbf2889e0427d819804ec89263efb836e800118160d940
-
Size
308KB
-
MD5
a7495ebd5b117c20f373a1769534470a
-
SHA1
2fa33f0113d280d0aaa73e94e79a4c02fa78e788
-
SHA256
46b620f55c618725f4bbf2889e0427d819804ec89263efb836e800118160d940
-
SHA512
363385c5726ad38918e5769c668feb4cf4e42f8a6dab847f25d452c56d92d1934f2573b3a1026098fd0c67c995be6967ef3e73ce2639ded00636e30ed1d546d9
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-