General
-
Target
5699d69b06db357e1967124c4faca11202b35239cf94f7d0f67a49ec1d5f9b50
-
Size
1.8MB
-
Sample
220725-ctwczaagf6
-
MD5
16222dcd3f5d1268f27ca7898b5183cb
-
SHA1
90d00fdf793d1a7d040044c1200be22a2bded7af
-
SHA256
5699d69b06db357e1967124c4faca11202b35239cf94f7d0f67a49ec1d5f9b50
-
SHA512
ce65aca76cc094f1d0fa70b929e7f670c140d322f2c31f1326b6184b3eb6186dfa95ab5e66485a9cbc144fe8ba71e0617ab9e4e6643c453f8c36de7ced076fbf
Behavioral task
behavioral1
Sample
5699d69b06db357e1967124c4faca11202b35239cf94f7d0f67a49ec1d5f9b50.exe
Resource
win7-20220715-en
Malware Config
Extracted
darkcomet
Guest16
thbest014.no-ip.biz:2525
DC_MUTEX-WPLKKB0
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
Uswj1FHkDDSZ
-
install
true
-
offline_keylogger
true
-
password
147147
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
5699d69b06db357e1967124c4faca11202b35239cf94f7d0f67a49ec1d5f9b50
-
Size
1.8MB
-
MD5
16222dcd3f5d1268f27ca7898b5183cb
-
SHA1
90d00fdf793d1a7d040044c1200be22a2bded7af
-
SHA256
5699d69b06db357e1967124c4faca11202b35239cf94f7d0f67a49ec1d5f9b50
-
SHA512
ce65aca76cc094f1d0fa70b929e7f670c140d322f2c31f1326b6184b3eb6186dfa95ab5e66485a9cbc144fe8ba71e0617ab9e4e6643c453f8c36de7ced076fbf
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-