General

Target: DarkComet Fixed.exe
Size: 12.2MB
Sample: 220711-de2f4seban
MD5: 9beb9311e16cdb4f441f6de009a51ddc
SHA1: cbea1c03c413710e63016921efa4a5cc7209f293
SHA256: 8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91
SHA512: b9ba8f94e9f165bd364e07035189ffa6bbc2e97d0c9092b99f0df2b463be43dc9b06d4484a08a847b543801ddeb8a37848f448fc128797af45aecb81ecbdf42c
Behavioral task: behavioral1

Sample: DarkComet Fixed.exe
Resource: win7-20220414-en
Malware Config

Extracted: asyncrat
Version: 0.5.7B
Botnet: Default
C2: susiahat24199a.ddns.net:6606
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: JavaUpdate.exe
install_folder: %AppData%

Extracted: darkcomet
Botnet: Guest16
C2: sussysdfffdfff343.duckdns.org:1604
Mutex: DC_MUTEX-DPR96FP
InstallPath: MSDCSC\msdcsc.exe
gencode: UxV043A3qL1c
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: DarkComet Fixed.exe
Size: 12.2MB
MD5, SHA1, SHA256, SHA512: as listed under General above

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
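The two extracted configs and the signature list above give everything needed for a host and network sweep: C2 hostnames and ports, mutex names, the install paths (AsyncRAT's install_folder + install_file, DarkComet's InstallPath) and DarkComet's Run value name (reg_key). The script below is an added example, not part of the sandbox report or of either RAT's code. It turns those values into IOC sets and matches them against constructed, simplified Sysmon-style JSON events; the EventType names, the MutexCreate event (which Sysmon does not emit; it stands in for an EDR mutex telemetry field), the expansion of %AppData% to the per-user Roaming folder, and the DarkComet install directory in the sample events are all assumptions made for the example.

```python
"""Sweep Sysmon-style JSON telemetry for the IOCs in the extracted configs."""
import json

# Values copied from the extracted AsyncRAT and DarkComet configs on the page.
# "path_suffix" is the tail of the install path as it would appear on disk;
# %AppData% is assumed to resolve to ...\AppData\Roaming (per-user folder).
CONFIGS = {
    "asyncrat": {
        "c2": [("susiahat24199a.ddns.net", 6606)],
        "mutex": "AsyncMutex_6SI8OkPnk",
        "path_suffix": r"\AppData\Roaming\JavaUpdate.exe",
        "run_value": None,            # config gives no Run value name
    },
    "darkcomet": {
        "c2": [("sussysdfffdfff343.duckdns.org", 1604)],
        "mutex": "DC_MUTEX-DPR96FP",
        "path_suffix": r"\MSDCSC\msdcsc.exe",
        "run_value": "MicroUpdate",   # reg_key from the config
    },
}


def normalise_path(p):
    """Lower-case and use backslashes so suffix matching is case-insensitive."""
    return p.replace("/", "\\").lower()


def build_iocs(configs=CONFIGS):
    """Index every indicator by type so a single event lookup is O(1)."""
    iocs = {"domain": {}, "mutex": {}, "path_suffix": {}, "run_value": {}}
    for family, cfg in configs.items():
        for host, port in cfg["c2"]:
            iocs["domain"][host.lower()] = (family, port)
        iocs["mutex"][cfg["mutex"]] = family
        iocs["path_suffix"][normalise_path(cfg["path_suffix"])] = family
        if cfg["run_value"]:
            iocs["run_value"][cfg["run_value"].lower()] = family
    return iocs


def match_event(ev, iocs):
    """Return (family, ioc_type, value) tuples for one parsed event."""
    hits = []
    kind = ev.get("EventType")
    if kind == "ProcessCreate":
        image = normalise_path(ev.get("Image", ""))
        for suffix, fam in iocs["path_suffix"].items():
            if image.endswith(suffix):
                hits.append((fam, "install_path", ev["Image"]))
    elif kind == "DnsQuery":
        q = ev.get("QueryName", "").lower().rstrip(".")
        if q in iocs["domain"]:
            hits.append((iocs["domain"][q][0], "c2_domain", q))
    elif kind == "NetworkConnect":
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", 0))
        if host in iocs["domain"] and iocs["domain"][host][1] == port:
            hits.append((iocs["domain"][host][0], "c2_connect", f"{host}:{port}"))
    elif kind == "RegistrySet":
        target = ev.get("TargetObject", "")
        value_name = target.rsplit("\\", 1)[-1].lower()
        # Only a value under a ...\CurrentVersion\Run key counts as persistence.
        if "\\currentversion\\run\\" in target.lower() and value_name in iocs["run_value"]:
            hits.append((iocs["run_value"][value_name], "run_key", target))
    elif kind == "MutexCreate":   # assumed EDR event, not a Sysmon one
        name = ev.get("MutexName", "")
        if name in iocs["mutex"]:
            hits.append((iocs["mutex"][name], "mutex", name))
    return hits


def scan(lines, iocs=None):
    """Parse JSON lines and collect every IOC hit across all events."""
    iocs = iocs or build_iocs()
    hits = []
    for line in lines:
        line = line.strip()
        if line:
            hits.extend(match_event(json.loads(line), iocs))
    return hits


# Constructed sample telemetry (raw string, so "\\" reaches the JSON parser).
SAMPLE_EVENTS = r"""
{"EventType":"ProcessCreate","Image":"C:\\Users\\victim\\AppData\\Roaming\\JavaUpdate.exe","ParentImage":"C:\\Users\\victim\\Desktop\\DarkComet Fixed.exe"}
{"EventType":"ProcessCreate","Image":"C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"}
{"EventType":"RegistrySet","TargetObject":"HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicroUpdate","Details":"C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"}
{"EventType":"DnsQuery","QueryName":"sussysdfffdfff343.duckdns.org"}
{"EventType":"NetworkConnect","DestinationHostname":"susiahat24199a.ddns.net","DestinationPort":6606}
{"EventType":"MutexCreate","MutexName":"DC_MUTEX-DPR96FP"}
{"EventType":"ProcessCreate","Image":"C:\\Windows\\System32\\svchost.exe"}
{"EventType":"DnsQuery","QueryName":"www.microsoft.com"}
""".strip().splitlines()

if __name__ == "__main__":
    for family, ioc_type, value in scan(SAMPLE_EVENTS):
        print(f"{family:10} {ioc_type:13} {value}")
```

The NetworkConnect rule requires both hostname and port to match; a port alone (6606, 1604) is far too weak an indicator, and matching the dynamic-DNS hostname alone is already covered by the DnsQuery rule. The Run-key rule checks the parent key path, not just the value name, because "MicroUpdate" could appear under unrelated keys.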