General
-
Target
c0ad5a53ff38949521ffd0021758553314bc52226457ccd1283c886f7ef15794
-
Size
756KB
-
Sample
220725-e2wd2seeh6
-
MD5
736a628795a481e5c9fe19cc710c1f5d
-
SHA1
7021224829890d4f894e98f5d0971ae1637a6168
-
SHA256
c0ad5a53ff38949521ffd0021758553314bc52226457ccd1283c886f7ef15794
-
SHA512
940f8db732ac2530405ec7b1037c75caf20fda53bfe1d84096ad50a4e1a094a4d9a11422552efccecd061493dd41349ba1ab57288dcf5b8d8b83e9785dd5948e
Behavioral task
behavioral1
Sample
c0ad5a53ff38949521ffd0021758553314bc52226457ccd1283c886f7ef15794.exe
Resource
win7-20220715-en
Malware Config
Extracted
darkcomet
Guest16
192.168.2.196:1604
zuhnminecraftmusic.hopto.org:1604
DC_MUTEX-GJCW855
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
fl0zcGzUZSdZ
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
c0ad5a53ff38949521ffd0021758553314bc52226457ccd1283c886f7ef15794
-
Size
756KB
-
MD5
736a628795a481e5c9fe19cc710c1f5d
-
SHA1
7021224829890d4f894e98f5d0971ae1637a6168
-
SHA256
c0ad5a53ff38949521ffd0021758553314bc52226457ccd1283c886f7ef15794
-
SHA512
940f8db732ac2530405ec7b1037c75caf20fda53bfe1d84096ad50a4e1a094a4d9a11422552efccecd061493dd41349ba1ab57288dcf5b8d8b83e9785dd5948e
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-