General

Target: 8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af
Size: 658KB
Sample (analysis ID): 220725-ajlpnsfabq
MD5: 2618469009a966d50a96f5d0ece5de29
SHA1: c6b5f023ee29ab7d260269b5d2c8ab991970c9ef
SHA256: 8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af
SHA512: 201c795dc5920b041c84d4c11c0ecc76126a013dd7a4c08e37ddeda260fc2cc6d91d4bbfb817823ca9d5948c307e4ae2041390d9825aec947040a4274f404fae
Behavioral task

Task: behavioral1
Sample: 8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af.exe
Resource (analysis VM image): win7-20220718-en
Malware Config

Extracted family: darkcomet
Botnet (campaign ID): TROJAN
C2: zaharpidor4.ddns.net:1604 (a dynamic-DNS hostname; pivot and block on the name and port, not on whatever IP it resolved to during this run)
Mutex: DC_MUTEX-70W2C6R
InstallPath: MSDCSC\msdcsc.exe
gencode: gsmv1ZVBseQD
install: true
offline_keylogger: true
persistence: true
reg_key: VIRUS

The mutex name, install path and Run-key value name (reg_key) are the most stable host indicators in this configuration; the C2 hostname is the network indicator.
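The fields above are the sandbox's normalised view of DarkComet's own KEY={value} configuration text, which the RAT keeps RC4-encrypted and hex-encoded in its DCDATA resource. The following is an added example, not code from the sandbox or from the report: it decrypts and parses such a block and maps DarkComet's field names (MUTEX, SID, NETDATA, GENCODE, INSTALL, EDTPATH, KEYNAME, PERSINST, OFFLINEK, MELT, as documented in public analyses) onto the names used in this report. The static key is the one publicly reported for DarkComet 5.x builds and is an assumption here, since the report does not state the build version; the encrypted sample blob is constructed inside the script from this report's values, so it runs offline.

```python
"""Decode and normalise a DarkComet configuration block (added example)."""
from __future__ import annotations

import binascii
import re
from dataclasses import dataclass

# Static RC4 key reported in public analyses of DarkComet 5.x builds.
# Assumption: the sandbox report does not state the build version.
DC51_STATIC_KEY = b"#KCMDDC51#-890"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so it both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


@dataclass(frozen=True)
class DarkCometConfig:
    """The fields the sandbox report shows, under the report's own names."""
    campaign: str
    c2: tuple[tuple[str, int], ...]   # (host, port) pairs
    mutex: str
    gencode: str
    install_path: str
    reg_key: str
    install: bool
    persistence: bool
    offline_keylogger: bool
    melt: bool


_LINE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def parse_config_text(text: str) -> dict[str, str]:
    """Collect DarkComet's KEY={value} lines; header/footer lines are ignored."""
    fields: dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def decode_dcdata(hex_blob: str, key: bytes = DC51_STATIC_KEY) -> dict[str, str]:
    """Hex-decode and RC4-decrypt a DCDATA resource body, then parse it."""
    text = rc4(key, binascii.unhexlify(hex_blob)).decode("latin-1")
    if "DARKCOMET DATA" not in text:
        raise ValueError("no DarkComet marker after decryption: wrong key or not DCDATA")
    return parse_config_text(text)


def normalise(fields: dict[str, str]) -> DarkCometConfig:
    """Map DarkComet's field names onto the names the sandbox report uses."""
    def flag(name: str) -> bool:
        return fields.get(name, "0") == "1"
    c2 = []
    for entry in fields["NETDATA"].split("|"):   # several C2s may be pipe-separated
        host, _, port = entry.rpartition(":")
        c2.append((host, int(port)))
    return DarkCometConfig(
        campaign=fields.get("SID", ""), c2=tuple(c2), mutex=fields["MUTEX"],
        gencode=fields.get("GENCODE", ""), install_path=fields.get("EDTPATH", ""),
        reg_key=fields.get("KEYNAME", ""), install=flag("INSTALL"),
        persistence=flag("PERSINST"), offline_keylogger=flag("OFFLINEK"),
        melt=flag("MELT"),
    )


# Constructed sample: this report's values written in DarkComet's own format and
# encrypted here, so the decoder can be exercised without the binary.
SAMPLE_PLAINTEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-70W2C6R}", "SID={TROJAN}",
    "NETDATA={zaharpidor4.ddns.net:1604}", "GENCODE={gsmv1ZVBseQD}",
    "INSTALL={1}", "EDTPATH={MSDCSC\\msdcsc.exe}", "KEYNAME={VIRUS}",
    "PERSINST={1}", "MELT={1}", "OFFLINEK={1}",
    "#EOF DARKCOMET DATA --",
])


def build_sample_blob() -> str:
    """Hex-encoded RC4 ciphertext of SAMPLE_PLAINTEXT under the static key."""
    return binascii.hexlify(rc4(DC51_STATIC_KEY, SAMPLE_PLAINTEXT.encode("latin-1"))).decode()


if __name__ == "__main__":
    print(normalise(decode_dcdata(build_sample_blob())))
```

Against a real sample, feed decode_dcdata the text of the DCDATA RCDATA resource; the marker check makes a wrong static key (an older build) fail loudly instead of returning an empty config. MELT maps onto the "Deletes itself" behaviour listed under Targets.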
Targets

Target: 8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af (the same file as in General; size and hashes are listed there)

Signatures observed:
- Modifies WinLogon for persistence: a value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is changed (DarkComet typically appends its install path to Userinit) so the implant starts at logon even if the Run key is removed.
- Disables RegEdit via registry modification: sets DisableRegistryTools under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
- Disables Task Manager via registry modification: sets DisableTaskMgr under the same Policies\System key.
- Executes dropped EXE: runs the installed copy at the configured InstallPath (MSDCSC\msdcsc.exe).
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself: the original dropper is removed after installation (DarkComet's "melt" option).
- Loads dropped DLL
- Adds Run key to start application: a value under ...\CurrentVersion\Run, named per the reg_key setting (VIRUS), pointing at the installed copy.
- Suspicious use of SetThreadContext: consistent with process hollowing, where a suspended process's thread context is rewritten to run injected code.
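The four registry signatures above (Winlogon change, DisableRegistryTools, DisableTaskMgr, Run key) are individually weak but together are characteristic of this configuration. The following is an added example, not code from the sandbox or from this report: it evaluates those checks over Sysmon-style registry-set events (EventID 13 fields Image, TargetObject, Details) and rates a process by how many distinct checks it trips. The events are constructed; the full install directory under AppData\Roaming is an assumption, since the report gives only the relative path MSDCSC\msdcsc.exe.

```python
"""Flag the registry changes listed in the DarkComet signatures (added example)."""
from __future__ import annotations

import re

# Constructed Sysmon-style registry-set events (EventID 13), not captured from the sample.
# Assumption: the install directory; the report only states MSDCSC\msdcsc.exe.
MALICIOUS_IMAGE = r"C:\Users\u\AppData\Roaming\MSDCSC\msdcsc.exe"
BENIGN_IMAGE = r"C:\Program Files\Vendor\setup.exe"
SAMPLE_EVENTS = [
    {"Image": MALICIOUS_IMAGE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe," + MALICIOUS_IMAGE},
    {"Image": MALICIOUS_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"Image": MALICIOUS_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"Image": MALICIOUS_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\VIRUS",
     "Details": MALICIOUS_IMAGE},
    # Benign: an installer registering its own Program Files binary, and
    # Windows servicing rewriting Userinit to its default.
    {"Image": BENIGN_IMAGE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
]

WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe", "shell": "explorer.exe"}
POLICY_VALUES = {"disabletaskmgr": "disable_taskmgr", "disableregistrytools": "disable_regedit"}
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\|\\appdata\\|\\programdata\\|\\temp\\", re.I)


def _split(target: str) -> tuple[str, str]:
    """Lower-cased (key path, value name) of a TargetObject."""
    key, _, name = target.rpartition("\\")
    return key.lower(), name.lower()


def winlogon_rule(ev: dict) -> str | None:
    """Userinit/Shell holding anything beyond the Windows default is persistence."""
    key, name = _split(ev["TargetObject"])
    if not key.endswith(r"\currentversion\winlogon") or name not in WINLOGON_DEFAULTS:
        return None
    parts = [p.strip().strip('"').lower() for p in ev["Details"].split(",") if p.strip()]
    return f"winlogon_{name}" if any(p != WINLOGON_DEFAULTS[name] for p in parts) else None


def policy_rule(ev: dict) -> str | None:
    """DisableTaskMgr / DisableRegistryTools set to 1."""
    key, name = _split(ev["TargetObject"])
    if key.endswith(r"\policies\system") and name in POLICY_VALUES \
            and "0x00000001" in ev["Details"].lower():
        return POLICY_VALUES[name]
    return None


def run_key_rule(ev: dict) -> str | None:
    """Run/RunOnce entry that launches something from a user-writable location."""
    key, _ = _split(ev["TargetObject"])
    if key.endswith((r"\currentversion\run", r"\currentversion\runonce")) \
            and USER_WRITABLE.search(ev["Details"]):
        return "run_key_user_writable"
    return None


def evaluate(events: list[dict]) -> dict[str, set[str]]:
    """Map each process image to the set of rule names it triggered."""
    hits: dict[str, set[str]] = {}
    for ev in events:
        for rule in (winlogon_rule, policy_rule, run_key_rule):
            name = rule(ev)
            if name:
                hits.setdefault(ev["Image"], set()).add(name)
    return hits


def verdict(rule_names: set[str]) -> str:
    # A single policy tweak is weak evidence (admin tooling sets these too);
    # the combination seen in this report is what makes it actionable.
    return "high" if len(rule_names) >= 2 else "low"


if __name__ == "__main__":
    for image, names in evaluate(SAMPLE_EVENTS).items():
        print(verdict(names), image, sorted(names))
```

The Winlogon check compares each comma-separated entry against the full default path rather than the file name, so a copy named userinit.exe in another directory is still flagged. The Run-key check deliberately does not key on the value name: VIRUS is specific to this build, whereas launching from a profile directory is the property that generalises.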