General
- Target: 9dba654fc2787dcfaddb3aeb91a6439dc90426b4018314fff12e849ad55425a6
- Size: 253KB
- Sample: 220725-ah77aaefg9
- MD5: c46471072e24a8522a63f1ce3196c75e
- SHA1: f33ed92ed09fe3f731cff93bf36c651fecc51d35
- SHA256: 9dba654fc2787dcfaddb3aeb91a6439dc90426b4018314fff12e849ad55425a6
- SHA512: d0b69024301ba28be9efa5c75bca6bc345c50711cbd9e31563bf65c972df21165f92166689b94cb980fbaade47e1b7708d80fe9c3f85003067a4710e547637b2
Behavioral task
- behavioral1
- Sample: 9dba654fc2787dcfaddb3aeb91a6439dc90426b4018314fff12e849ad55425a6.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- darkcomet
- Guest16
- letomaniydh.ddns.net:1604
- letomaniydh.ddns.net:27015
- 192.168.0.47:27015
- DC_MUTEX-3F06PJ9
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Jnj0qClCtnH3
- install: true
- offline_keylogger: false
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 9dba654fc2787dcfaddb3aeb91a6439dc90426b4018314fff12e849ad55425a6
- Size: 253KB
- MD5: c46471072e24a8522a63f1ce3196c75e
- SHA1: f33ed92ed09fe3f731cff93bf36c651fecc51d35
- SHA256: 9dba654fc2787dcfaddb3aeb91a6439dc90426b4018314fff12e849ad55425a6
- SHA512: d0b69024301ba28be9efa5c75bca6bc345c50711cbd9e31563bf65c972df21165f92166689b94cb980fbaade47e1b7708d80fe9c3f85003067a4710e547637b2
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application