General
Target: d8403ecf3183e9a60a045885dbeb78f3f0857d35f8e8317b72670105f308aa7f
Size: 658KB
Sample: 220725-ajabmsfaak
MD5: fa19c26ba5708b6853f8b79aa21442fa
SHA1: 10132bc3bc87bc0ad96d4f16defe09fc6721f6ec
SHA256: d8403ecf3183e9a60a045885dbeb78f3f0857d35f8e8317b72670105f308aa7f
SHA512: 1ee08ae885e9189bacb23c7972eb001f5b6bd9b9bc303c28d60ce9bf2209b82c747473b8afb5e966271a4c9fecabadc9f77597466887adef6fec9c9c32ee52e3
Behavioral task: behavioral1
Sample: d8403ecf3183e9a60a045885dbeb78f3f0857d35f8e8317b72670105f308aa7f.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: d8403ecf3183e9a60a045885dbeb78f3f0857d35f8e8317b72670105f308aa7f.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:4444
DCMIN_MUTEX-HFYVMRE
InstallPath: DCSCMIN\IMDCSC.exe
gencode: ap2AK36wfZB9
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application