General

Target: 21c432444c6b47354e2d0ed98e3b00b46d26e669fbf83f611c6fb3265cde2588
Size: 658KB
Sample: 220708-sqg9yahhb6
MD5: d8c8cc55848f574b2391e10900e76541
SHA1: 22b7ddb86e731f88482afa55302f198935593ff8
SHA256: 21c432444c6b47354e2d0ed98e3b00b46d26e669fbf83f611c6fb3265cde2588
SHA512: a47e10bd0fc5a859e869d44c1df795d5afa1efa9c762927aa337d2ebf5568c5650aeb374ef79194892499f92a421a272e27f60400371dae911012fe2a405c5cc
Static task: static1

Behavioral task: behavioral1
Sample: 21c432444c6b47354e2d0ed98e3b00b46d26e669fbf83f611c6fb3265cde2588.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 21c432444c6b47354e2d0ed98e3b00b46d26e669fbf83f611c6fb3265cde2588.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted family: darkcomet
Campaign ID: Guest16_min
C2: 192.168.0.102:1604
Mutex: DCMIN_MUTEX-CY8W592
InstallPath: DCSCMIN\IMDCSC.exe
gencode: TMDgikwNbn2s
install: true
offline_keylogger: true
persistence: false
reg_key: Zmeyka

Note: 192.168.0.102 is a private (RFC 1918) address, so this build can only reach its controller on the local network of whoever built it; a perimeter block on that IP gains nothing, and the host artifacts (mutex, install path, registry value name) are the useful indicators. The persistence flag is DarkComet's "persistent installation" option (re-install the stub if it is removed), not the startup setting: startup is governed by install, with reg_key as the registry value name, which is consistent with the Run key addition listed under Targets.
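Added example (not code from the sandbox report, from DarkComet, or from the sandbox's own extractor): decrypting and parsing a DarkComet configuration blob the way the stub stores it, as hex-encoded RC4 ciphertext keyed by a per-version passphrase (`#KCMDDC51#-890` for 5.1, and so on) plus an optional builder password, and then deriving hunt indicators from the fields. The encrypted blob is constructed here from this report's values and encrypted with the 5.1 default passphrase; it is not the real sample's DCDATA resource. The `KEY={VALUE}` line format, the `#BEGIN DARKCOMET DATA --` marker and the field names (MUTEX, SID, NETDATA, EDTPATH, KEYNAME, PERSINST, OFFLINEK) are the ones public decoders document; the `campaign_id`/`c2`/`mutex` labels are this example's mapping onto the report's field names.

```python
"""
Added example, not code from the sandbox report or from DarkComet: decrypt and parse a
DarkComet config blob (RC4 ciphertext, hex-encoded, keyed by a per-version passphrase
plus an optional builder password), then derive IOCs. SAMPLE_DCDATA_HEX is CONSTRUCTED
from this report's values and encrypted with the 5.1 default key; it is not the real
sample's DCDATA resource.
"""
import binascii
import ipaddress
import re

# Default RC4 passphrases by DarkComet version; the builder password (empty by default)
# is appended to the prefix.
KNOWN_KEYS = {
    "5.1": "#KCMDDC51#-890",
    "5.0": "#KCMDDC5#-890",
    "4.2": "#KCMDDC42F#-890",
    "4.0": "#KCMDDC4#-890",
    "3.x": "#KCMDDC2#-890",
}

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

# Constructed plaintext in DarkComet's KEY={VALUE} line format, using this report's values.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DCMIN_MUTEX-CY8W592}\r\n"
    "SID={Guest16_min}\r\n"
    "NETDATA={192.168.0.102:1604}\r\n"
    "GENCODE={TMDgikwNbn2s}\r\n"
    "INSTALL={1}\r\n"
    "EDTPATH={DCSCMIN\\IMDCSC.exe}\r\n"
    "KEYNAME={Zmeyka}\r\n"
    "PERSINST={0}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_DCDATA_HEX = binascii.hexlify(
    rc4(KNOWN_KEYS["5.1"].encode(), SAMPLE_PLAINTEXT.encode())).upper()

# DCDATA field name -> label used in the report; three fields are 0/1 booleans.
FIELD_MAP = {
    "SID": "campaign_id", "NETDATA": "c2", "MUTEX": "mutex", "EDTPATH": "install_path",
    "GENCODE": "gencode", "KEYNAME": "reg_key", "INSTALL": "install",
    "PERSINST": "persistence", "OFFLINEK": "offline_keylogger",
}
BOOL_FIELDS = {"INSTALL", "PERSINST", "OFFLINEK"}

def decrypt_dcdata(hex_blob: bytes, password: str = "") -> tuple:
    """Try each version key (with the given builder password); return (version, plaintext)."""
    raw = binascii.unhexlify(hex_blob.strip())
    for version, prefix in KNOWN_KEYS.items():
        plain = rc4((prefix + password).encode(), raw)
        if b"MUTEX={" in plain:  # only the right key yields readable KEY={VALUE} lines
            return version, plain.decode("latin-1")
    raise ValueError("no known DarkComet key decrypted the blob (custom builder password?)")

def parse_config(plaintext: str) -> dict:
    """Parse KEY={VALUE} lines into a dict keyed by the report's field labels."""
    cfg = {}
    for m in re.finditer(r"^([A-Z0-9]+)=\{(.*?)\}\r?$", plaintext, re.M):
        key, value = m.group(1), m.group(2)
        cfg[FIELD_MAP.get(key, key.lower())] = (value == "1") if key in BOOL_FIELDS else value
    return cfg

def iocs_from_config(cfg: dict) -> dict:
    """Turn the config into hunt indicators and check whether the C2 is even routable."""
    host, _, port = cfg["c2"].rpartition(":")
    try:
        c2_is_private = ipaddress.ip_address(host).is_private
    except ValueError:  # NETDATA may be a hostname rather than an IP
        c2_is_private = False
    return {
        "mutex": cfg["mutex"],
        "dropped_file": cfg["install_path"],
        "run_key_value": cfg["reg_key"] if cfg["install"] else None,
        "c2_host": host,
        "c2_port": int(port),
        "c2_is_private": c2_is_private,  # RFC 1918 C2 = LAN/lab build, not perimeter-blockable
    }

if __name__ == "__main__":
    version, plain = decrypt_dcdata(SAMPLE_DCDATA_HEX)
    config = parse_config(plain)
    print(f"DarkComet {version} config: {config}")
    print(f"IOCs: {iocs_from_config(config)}")
```

Against a real sample, feed `decrypt_dcdata` the hex string from the stub's DCDATA RCDATA resource; if every default key fails, the builder set a password, which is passed as the second argument. The `c2_is_private` flag is the check that matters for this report: with a 192.168.0.0/16 controller the network indicator is worthless outside the author's own LAN, and hunting should pivot to the mutex, the dropped file and the `Zmeyka` Run value.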
Targets

Target: 21c432444c6b47354e2d0ed98e3b00b46d26e669fbf83f611c6fb3265cde2588
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
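Added example (not part of the sandbox report): a hunt for the two persistence mechanisms the signatures above flag, a Winlogon modification and a Run key, run over saved `reg query` output so the same check can be applied to exports collected from many hosts rather than to one live registry. The `reg query` text is constructed; the extra Userinit entry, the `OneDrive` value, and the base directory `C:\Users\victim\Documents` are illustrative assumptions, not artifacts recovered from the sample (the report gives only the relative install path `DCSCMIN\IMDCSC.exe` and the value name `Zmeyka`). The report does not say which Winlogon value the sample changes, so the check covers both values commonly abused for persistence, Shell and Userinit, by comparing them with the Windows defaults.

```python
r"""
Added example, not part of the sandbox report: hunt for a Winlogon modification and a
Run key in saved `reg query` output. REG_QUERY_OUTPUT is CONSTRUCTED; the extra Userinit
entry, the OneDrive value and the base path C:\Users\victim\Documents are illustrative
assumptions, not artifacts taken from the sample.
"""
import re

DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample of `reg query <key>` output: a key path line, then rows of
# "Name    Type    Data" separated by four spaces.
REG_QUERY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\DCSCMIN\IMDCSC.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Zmeyka    REG_SZ    C:\Users\victim\Documents\DCSCMIN\IMDCSC.exe
"""

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text: str) -> dict:
    """Turn `reg query` output into {key_path: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m and m.group(2) in ("REG_SZ", "REG_EXPAND_SZ"):
                keys[current][m.group(1)] = m.group(3).strip()
    return keys

def check_winlogon(values: dict) -> list:
    """Flag Winlogon Shell/Userinit values that deviate from the Windows defaults."""
    findings = []
    shell = values.get("Shell", DEFAULT_SHELL).strip()
    if shell.lower() != DEFAULT_SHELL:
        findings.append(f"Winlogon Shell is '{shell}' (expected '{DEFAULT_SHELL}')")
    # Userinit is a comma-separated list; anything beyond the default binary is a finding.
    entries = [e.strip() for e in values.get("Userinit", DEFAULT_USERINIT).split(",") if e.strip()]
    extra = [e for e in entries if e.lower() != DEFAULT_USERINIT]
    if extra:
        findings.append("Winlogon Userinit runs extra program(s): " + ", ".join(extra))
    return findings

def check_run_key(values: dict, suspect_names, suspect_path_fragments) -> list:
    """Flag Run values whose name or target matches config-derived indicators."""
    names = {n.lower() for n in suspect_names}
    findings = []
    for name, data in values.items():
        if name.lower() in names:
            findings.append(f"Run value '{name}' matches the config reg_key -> {data}")
        elif any(frag.lower() in data.lower() for frag in suspect_path_fragments):
            findings.append(f"Run value '{name}' points at the install path -> {data}")
    return findings

def hunt(reg_query_text: str, reg_key: str, install_path: str) -> list:
    """Run both checks over every key in the export and return the findings."""
    findings = []
    for path, values in parse_reg_query(reg_query_text).items():
        leaf = path.rsplit("\\", 1)[-1].lower()
        if leaf == "winlogon":
            findings += check_winlogon(values)
        elif leaf in ("run", "runonce"):
            findings += check_run_key(values, (reg_key,), (install_path,))
    return findings

if __name__ == "__main__":
    for finding in hunt(REG_QUERY_OUTPUT, "Zmeyka", r"DCSCMIN\IMDCSC.exe"):
        print(finding)
```

The export is produced on the host with `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"` and `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM Run key), then fed to `hunt` together with the `reg_key` and `InstallPath` values from the extracted config. Matching on the relative install path rather than a full one is deliberate: the report only gives `DCSCMIN\IMDCSC.exe`, and the directory it is dropped under may differ between users.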