General
Target: 55012d17f84e136f034d78a49f6bc3f308ac5f7c7f9fdfe59436e479c0a23e2c
Size: 658KB
Sample: 220725-vwa4xscbem
MD5: 7f6522eed5681006fef33f7aeb092586
SHA1: 1b2831396a354b54421447ad782ff2374d5e0bf0
SHA256: 55012d17f84e136f034d78a49f6bc3f308ac5f7c7f9fdfe59436e479c0a23e2c
SHA512: 2d7bf2051dbcaea70f0ee06ee5754123c9bc1b95dcbffdc3b749c4284451e31cd3820a4ac320a926950b66d65b222e9ff3fbe5cd76f8e38833cdd245dd4243e2
Behavioral task: behavioral1
Sample: 55012d17f84e136f034d78a49f6bc3f308ac5f7c7f9fdfe59436e479c0a23e2c.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 55012d17f84e136f034d78a49f6bc3f308ac5f7c7f9fdfe59436e479c0a23e2c.exe
Resource: win10v2004-20220722-en
Malware Config
Extracted: darkcomet
Guest16
enexbke.no-ip.org:1604
DC_MUTEX-40LW3PY
InstallPath: MSDCSC\msdcsc.exe
gencode: 5qF963E8o4fU
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application