General
- Target: 56d501a6c7a11d74c2d29a5ffca2ef25778fee7e85445147894b53e391f9c423
- Size: 670KB
- Sample: 220725-byrpxaheap
- MD5: 57ca61c5fd93fc09c48e6fec93d171d7
- SHA1: 67c4e25ab491736b41718d4564b2889ed4ba84fc
- SHA256: 56d501a6c7a11d74c2d29a5ffca2ef25778fee7e85445147894b53e391f9c423
- SHA512: e247fa0490d79972a090212bb1dd9cba3311f6ed3dc756787ab3dc42c961b1c8ed42a426b9c306d66e21bf8eba533938f99fe777e8253054cf79647f87bef638
- Static task: static1
- Behavioral task: behavioral1
- Sample: 56d501a6c7a11d74c2d29a5ffca2ef25778fee7e85445147894b53e391f9c423.exe
- Resource: win7-20220715-en
Malware Config
Extracted
- darkcomet
- first
- sasa777.no-ip.org:1604
- DC_MUTEX-SRR1RJ7
- InstallPath: MSDCSC\msdcsc.exe
- gencode: X0Rpg2vdV3fU
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 56d501a6c7a11d74c2d29a5ffca2ef25778fee7e85445147894b53e391f9c423
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext