General

Target: 6aa1714aa9ab2d0cefb5f8ee9dfa78850fd3dbe32ac9d7b8db0ab0cfaf687a90
Size: 283KB
Sample: 220725-ajg2gsfabl
MD5: ebf9b9aa46566390172fc9929cd2fc14
SHA1: 0673fbd0e76b828cae642eee449a7cb3745ca250
SHA256: 6aa1714aa9ab2d0cefb5f8ee9dfa78850fd3dbe32ac9d7b8db0ab0cfaf687a90
SHA512: 5c5d6d7b1b4044a8fac3ce1a7b11b066743b4f681050f6965cbb0cb58b9fff183538b172a82f6c7daa1b7ac4f98059b564d4461f5a173544af17cab3fb182fa5

Behavioral task: behavioral1
Sample: 6aa1714aa9ab2d0cefb5f8ee9dfa78850fd3dbe32ac9d7b8db0ab0cfaf687a90.exe
Resource: win7-20220718-en
Malware Config

Extracted family: darkcomet
Campaign ID: Guest16
C2: sms4kaka.hopto.org:5555
Mutex: DC_MUTEX-592DL0X
InstallPath: MSDCSC\msdcsc.exe
gencode: MuNYS9T6SHPe
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate

Note: "persistence: false" is the builder's own option flag, not a statement that the implant has no autostart. The behavioral signatures for this run show a Run key being added and Winlogon being modified, and reg_key names the Run value (MicroUpdate) that launches the dropped copy at MSDCSC\msdcsc.exe. The C2 host sms4kaka.hopto.org is a No-IP dynamic DNS name, so the resolved address can change between detonations; hunt on the hostname, the mutex and the install path rather than on an IP.
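How a sandbox arrives at the "Extracted" fields above: DarkComet keeps its builder settings in an RCDATA resource (named DCDATA in public decoders) as a hex string of RC4 ciphertext under a static per-version key. The script below is an added example, not the sandbox's or the report's own code. It assumes the sample is a 5.1 build (the well-known "#KCMDDC51#-890" key), and the config plaintext is constructed here from the values on this page, not dumped from the sample, so the whole thing runs offline: it encrypts the constructed config to simulate the resource, then decrypts and maps the builder keys (NETDATA, MUTEX, EDTPATH, KEYNAME, ...) onto the field names used in the listing above.

```python
"""Decrypt and parse a DarkComet-style configuration blob (added example)."""
import binascii
import re
from typing import Dict, List, Union

# Well-known static RC4 key for DarkComet 5.1. Assumption: this sample is a 5.1
# build; other versions use a different "#KCMDDC..#-890" string.
DARKCOMET_51_KEY = b"#KCMDDC51#-890"

# Builder key -> field name used in the sandbox's "Extracted" listing.
FIELD_MAP = {
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "SID": "campaign_id",
    "EDTPATH": "InstallPath",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
    "KEYNAME": "reg_key",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}

# Constructed plaintext mirroring the page's extracted values (not dumped from the sample).
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-592DL0X}\r\n"
    "SID={Guest16}\r\n"
    "FWB={0}\r\n"
    "NETDATA={sms4kaka.hopto.org:5555}\r\n"
    "GENCODE={MuNYS9T6SHPe}\r\n"
    "INSTALL={1}\r\n"
    "COMBOPATH={7}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "PERSINST={0}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_sample_resource(key: bytes = DARKCOMET_51_KEY) -> str:
    """Simulate the DCDATA resource: RC4-encrypt the constructed config and hex-encode it."""
    return binascii.hexlify(rc4(key, SAMPLE_PLAINTEXT.encode("latin-1"))).decode().upper()


def extract_config(resource_hex: str, key: bytes = DARKCOMET_51_KEY) -> Dict[str, Union[str, bool, List[str]]]:
    """Decrypt a DCDATA hex blob and map KEY={value} lines to the report's field names."""
    plaintext = rc4(key, binascii.unhexlify(resource_hex)).decode("latin-1", errors="replace")
    if "#BEGIN DARKCOMET DATA" not in plaintext:
        raise ValueError("decryption did not yield a DarkComet config; wrong key or version?")
    config: Dict[str, Union[str, bool, List[str]]] = {}
    for raw_key, value in re.findall(r"^([A-Z0-9]+)=\{(.*?)\}\s*$", plaintext, flags=re.M):
        name = FIELD_MAP.get(raw_key)
        if name is None:
            continue  # builder options the report does not list (FWB, COMBOPATH, ...)
        if name in BOOL_FIELDS:
            config[name] = value == "1"
        elif name == "c2":
            # Assumption from public decoders: multiple C2 entries are '|'-separated.
            config[name] = [hp for hp in value.split("|") if hp]
        else:
            config[name] = value
    return config


if __name__ == "__main__":
    for field, val in extract_config(build_sample_resource()).items():
        print(f"{field}: {val}")
```

Against a real binary you would pull the DCDATA resource with pefile, unhexlify it and call extract_config; if the result does not start with the "#BEGIN DARKCOMET DATA" marker, try the other versions' keys before assuming a custom build.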
Targets

Target: 6aa1714aa9ab2d0cefb5f8ee9dfa78850fd3dbe32ac9d7b8db0ab0cfaf687a90 (behavioral1; hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
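The signatures above map onto a handful of registry locations that an incident responder can check on a suspect host. The script below is an added example, not the sandbox's detection logic: it evaluates a registry snapshot (a plain dict of key path to value name/data) for the autostart and tamper indicators this sample exhibits, using the standard Windows locations for the Run key, Winlogon Userinit, the Explorer/System policy DWORDs and the firewall profile. Both snapshots are constructed to illustrate an infected and a clean host; the absolute install directory is illustrative, since the report only gives the relative path MSDCSC\msdcsc.exe.

```python
"""Check a registry snapshot for the tamper and autostart indicators listed above (added example)."""
import ntpath
from typing import Dict, List

# Standard locations behind the listed signatures.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
FIREWALL_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"

# Values taken from the extracted config on this page.
REG_VALUE_NAME = "MicroUpdate"
DROPPED_BINARY = "msdcsc.exe"

# Snapshot layout: key path -> {value name: data as string}; DWORDs are modelled as decimal strings.
Snapshot = Dict[str, Dict[str, str]]

# Constructed snapshots (not captured from the sandbox run); the Documents path is illustrative.
INFECTED_SNAPSHOT: Snapshot = {
    RUN_KEY: {"MicroUpdate": r"C:\Users\admin\Documents\MSDCSC\msdcsc.exe"},
    WINLOGON_KEY: {"Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\admin\Documents\MSDCSC\msdcsc.exe"},
    POLICY_KEY: {"DisableTaskMgr": "1", "DisableRegistryTools": "1"},
    FIREWALL_KEY: {"EnableFirewall": "0"},
}
CLEAN_SNAPSHOT: Snapshot = {
    RUN_KEY: {"OneDrive": r"C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    WINLOGON_KEY: {"Userinit": r"C:\Windows\system32\userinit.exe,"},
    POLICY_KEY: {},
}


def check_snapshot(snapshot: Snapshot) -> List[str]:
    """Return one finding string per matched indicator; an empty list means nothing matched."""
    findings: List[str] = []

    # Run key: a value named like the config's reg_key, or any command pointing at the dropped binary.
    for name, cmd in snapshot.get(RUN_KEY, {}).items():
        if name.lower() == REG_VALUE_NAME.lower() or DROPPED_BINARY in cmd.lower():
            findings.append(f"Run key autostart: {name} = {cmd}")

    # Winlogon\Userinit is comma-separated; the default is userinit.exe alone with a trailing comma,
    # so any additional entry is an extra program launched at logon.
    userinit = snapshot.get(WINLOGON_KEY, {}).get("Userinit", "")
    for entry in filter(None, (e.strip() for e in userinit.split(","))):
        if ntpath.basename(entry).lower() != "userinit.exe":
            findings.append(f"Winlogon Userinit hijack: {entry}")

    # Policy DWORDs that hide the infection from the user.
    policies = snapshot.get(POLICY_KEY, {})
    for value, label in (("DisableTaskMgr", "Task Manager disabled"),
                         ("DisableRegistryTools", "RegEdit disabled")):
        if policies.get(value) == "1":
            findings.append(f"{label} via {POLICY_KEY}\\{value}")

    # Firewall policy service: standard profile switched off.
    if snapshot.get(FIREWALL_KEY, {}).get("EnableFirewall") == "0":
        findings.append("Windows Firewall standard profile disabled")

    return findings


if __name__ == "__main__":
    for label, snap in (("infected", INFECTED_SNAPSHOT), ("clean", CLEAN_SNAPSHOT)):
        print(f"[{label}]")
        for finding in check_snapshot(snap) or ["no indicators"]:
            print("  " + finding)
```

On a live Windows host the same dict can be built with winreg (or from a `reg export` file); the Userinit check in particular should be run against HKLM since that is where the value lives on a default install, and the mutex DC_MUTEX-592DL0X from the config can be checked separately with a handle listing while the process is running.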