General
Target: 61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc
Size: 658KB
Sample: 220730-y9rwdafac6
MD5: 674f4d8ef4964657adf1aa84d1a4bd22
SHA1: fd837d847f4840edb6cc1218f1ea59a7813bfc96
SHA256: 61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc
SHA512: eea4f665c5233d8ecfaecf3fbc59b52d9a5dc62b8ce4d2c17c261d53d75841756df27a1f1ae96d63bcade4bd6213599d92f975d5df809b7669a47ca4a7126d84

Behavioral task: behavioral1
Sample: 61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc.exe
Resource: win7-20220715-en
Malware Config
Extracted
Family: darkcomet
Botnet / server ID: Guest16 (DarkComet's default SID, i.e. the operator never renamed the campaign)
C2: cometka321.ddns.net:1604 (1604 is DarkComet's default listening port)
Mutex: DC_MUTEX-JZ5G2G4
InstallPath: Windows\msdcsc.exe
gencode: TjzE59HsqfK5
install: true
offline_keylogger: true
persistence: true
reg_key: WindowsUpdate (value name used for the autostart Run key)
Targets
Target: 61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc (658KB; hashes as listed under General above)
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
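The registry-based behaviours the report flags (Run key added, WinLogon modified, RegEdit and Task Manager disabled) together with the extracted config values (reg_key WindowsUpdate, InstallPath Windows\msdcsc.exe) give enough to write a host triage check. The following is an added example, not part of the sandbox report or of any tool it references: it matches Sysmon Event ID 13 (RegistryEvent: Value Set) records against those indicators. The exact registry paths, the Sysmon field names (TargetObject, Details, Image) and the sample events are assumptions and constructed test data, not values taken from the report.

```python
"""Match DarkComet-style registry persistence and tamper indicators against
Sysmon Event ID 13 (RegistryEvent: Value Set) records.
Added example; config values come from the report, everything else is assumed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Values copied from the extracted DarkComet config in the report.
DARKCOMET_CONFIG = {
    "install_path": r"Windows\msdcsc.exe",   # InstallPath
    "reg_key": "WindowsUpdate",              # reg_key: Run-key value name
    "mutex": "DC_MUTEX-JZ5G2G4",
    "c2": "cometka321.ddns.net:1604",
}

# Registry locations are assumptions inferred from the report's signature
# names (Run key, Winlogon, RegEdit / Task Manager policy), not read from it.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(?P<name>Userinit|Shell)$", re.I)
POLICY_RE = re.compile(
    r"\\Policies\\System\\(?P<name>DisableRegistryTools|DisableTaskMgr)$", re.I)
DWORD_RE = re.compile(r"DWORD \(0x(?P<hex>[0-9a-fA-F]+)\)")


@dataclass
class Finding:
    rule: str
    target: str
    details: str


def parse_dword(details: str) -> Optional[int]:
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group("hex"), 16) if m else None


def check_registry_event(event: Dict, cfg: Dict = DARKCOMET_CONFIG) -> List[Finding]:
    """Return findings for one Sysmon EID 13 (value set) event, or [] if clean."""
    if event.get("EventID") != 13:
        return []
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    exe = cfg["install_path"].rsplit("\\", 1)[-1].lower()   # msdcsc.exe
    out: List[Finding] = []

    # Autostart: value name from the config, or any Run value pointing at the implant.
    m = RUN_KEY_RE.search(target)
    if m and (m.group("name").lower() == cfg["reg_key"].lower() or exe in details.lower()):
        out.append(Finding("darkcomet_run_key", target, details))

    # Winlogon Userinit/Shell chained to the implant ("Modifies WinLogon for persistence").
    if WINLOGON_RE.search(target) and exe in details.lower():
        out.append(Finding("darkcomet_winlogon_persistence", target, details))

    # Tamper protection: a non-zero DWORD disables RegEdit / Task Manager.
    m = POLICY_RE.search(target)
    if m:
        val = parse_dword(details)
        if val:
            out.append(Finding("policy_" + m.group("name"), target, details))
    return out


def scan(events: List[Dict]) -> List[Finding]:
    """Run check_registry_event over a batch of events, preserving order."""
    return [f for e in events for f in check_registry_event(e)]


# Constructed Sysmon-style events (not from the report) to exercise the checks.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\msdcsc.exe",
     "TargetObject": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": r"C:\Windows\msdcsc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\msdcsc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Windows\msdcsc.exe"},
    {"EventID": 13, "Image": r"C:\Windows\msdcsc.exe",
     "TargetObject": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\msdcsc.exe",
     "TargetObject": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    # Benign noise: a legitimate Run entry and a policy explicitly set back to 0.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:32} {f.target}  ->  {f.details}")
```

The Run-key rule fires on either the configured value name or the implant file name, since an operator can change reg_key per build while the default install name is reused far more often. The mutex and the C2 host:port from the config are the other two pivots (process handle enumeration and DNS/netflow respectively); they are not registry events and are deliberately left out of this check.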