General
-
Target
0x000500000001a4c4-71.dat
-
Size
658KB
-
Sample
220710-1nzefaffb3
-
MD5
c775e905c28bb9cfaf4e0a52d69b311b
-
SHA1
05a5b6692d1177dbb6f2ce92ebe9b399265790a5
-
SHA256
c8c553c88f02526cf32cfeb3944803b2a3a12c0b2b95800491e657df6ba07fdb
-
SHA512
01880de63e224e1806f018b24769431925c5d16ed632278de7fb3972237ac0f4be372bdeb184bc3c42f6ee583701b3039089d5f8f6019e1265c1eb7895d24514
Behavioral task
behavioral1
Sample
0x000500000001a4c4-71.exe
Resource
win7-20220414-en
Malware Config
Extracted
darkcomet
Guest16
sussysdfffdfff343.duckdns.org:1604
DC_MUTEX-DPR96FP
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
UxV043A3qL1c
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
0x000500000001a4c4-71.dat
-
Size
658KB
-
MD5
c775e905c28bb9cfaf4e0a52d69b311b
-
SHA1
05a5b6692d1177dbb6f2ce92ebe9b399265790a5
-
SHA256
c8c553c88f02526cf32cfeb3944803b2a3a12c0b2b95800491e657df6ba07fdb
-
SHA512
01880de63e224e1806f018b24769431925c5d16ed632278de7fb3972237ac0f4be372bdeb184bc3c42f6ee583701b3039089d5f8f6019e1265c1eb7895d24514
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-