General

Target: af628329a2c44dec542bf9075bd4bc3bbe2b41dae5997f88dbe8240c68c3237b
Size: 445KB
Sample: 220731-2x47qadahk
MD5: 5d99801829ebd16dce02fee3dd30cc88
SHA1: 17b5c98335473968d36401bb30739c0550e2f98b
SHA256: af628329a2c44dec542bf9075bd4bc3bbe2b41dae5997f88dbe8240c68c3237b
SHA512: 6e796bb192748698ed1bb5a3ea85ace86655e4ad9f386069f4c5ca56aebae54646346e6cd2d0923b1b5c09fd28099bd657b01ddf8ae0b64e8b9158a09e2625d9
Behavioral task

behavioral1
Sample: af628329a2c44dec542bf9075bd4bc3bbe2b41dae5997f88dbe8240c68c3237b.exe
Resource: win7-20220718-en
Malware Config

Extracted: darkcomet (first configuration)
gencode: (empty)
install: false
offline_keylogger: false
persistence: false

Extracted: darkcomet (second configuration)
(unlabelled value in the source): 1000
C2: codemousa.no-ip.info:1604
Mutex: DC_MUTEX-MYDDMY8
InstallPath: MSDCSC\msdcsc.exe
gencode: R1ZJggCdq5SM
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: af628329a2c44dec542bf9075bd4bc3bbe2b41dae5997f88dbe8240c68c3237b (445KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
- Modifies WinLogon for persistence (consistent with persistence: true in the extracted config)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application (the extracted config names the value MicroUpdate via reg_key, pointing at the MSDCSC\msdcsc.exe install path)
- Suspicious use of SetThreadContext (a common step in process hollowing and thread hijacking, where a suspended thread's context is rewritten before it is resumed)
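The indicators above (mutex, C2 host and port, Run key value name, install path, Winlogon modification) are the ones a responder would turn into host and network checks. The script below is an added example, not output of the sandbox or part of this report: it takes the build-specific values exactly as the Malware Config section lists them, adds a family-level DC_MUTEX- prefix and MSDCSC\msdcsc.exe install-path pattern that are assumptions drawn from common DarkComet builds rather than from this page, and runs both against a constructed batch of telemetry events (the user name, drive paths and benign noise events are invented for the example). It reports which indicator classes fired and whether the evidence is build-specific or only family-level.

```python
"""
Hunt/validation helper for the DarkComet indicators in this report.

Added example, not code from the sandbox or this report. DARKCOMET_CONFIG holds
the values from the Malware Config section; SAMPLE_EVENTS is constructed test
telemetry (paths and user name are invented). The family-level patterns are
assumptions based on well-known DarkComet builds, not fields from this page.
"""
import re
from typing import Dict, List, Tuple

# Build-specific indicators, exactly as the report lists them.
DARKCOMET_CONFIG: Dict[str, str] = {
    "c2": "codemousa.no-ip.info:1604",
    "mutex": "DC_MUTEX-MYDDMY8",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Family-level patterns (assumed from common DarkComet builds; not from this page).
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")
DC_INSTALL_RE = re.compile(r"\\MSDCSC\\msdcsc\.exe$", re.IGNORECASE)
# Generic Windows persistence locations the report's signatures refer to.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE)

# Constructed sample telemetry (not from the report): one infected host plus noise.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "mutex", "name": r"\Sessions\1\BaseNamedObjects\DC_MUTEX-MYDDMY8"},
    {"type": "dns", "query": "codemousa.no-ip.info"},
    {"type": "netconn", "dst_host": "codemousa.no-ip.info", "dst_port": "1604"},
    {"type": "file", "path": r"C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"type": "regset",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "data": r"C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"type": "regset",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"type": "file", "path": r"C:\Windows\System32\notepad.exe"},  # benign noise
    {"type": "dns", "query": "www.example.com"},                     # benign noise
]


def c2_host_port(config: Dict[str, str]) -> Tuple[str, str]:
    """Split the report's host:port C2 string into a lower-cased host and a port."""
    host, port = config["c2"].rsplit(":", 1)
    return host.lower(), port


def match_event(event: Dict[str, str], config: Dict[str, str]) -> List[str]:
    """Return the indicator tags a single telemetry event satisfies."""
    hits: List[str] = []
    kind = event["type"]
    if kind == "mutex":
        name = event["name"].rsplit("\\", 1)[-1]  # drop the object directory prefix
        if name == config["mutex"]:
            hits.append("mutex:this-build")
        elif DC_MUTEX_RE.match(name):
            hits.append("mutex:family")
    elif kind == "dns":
        if event["query"].lower() == c2_host_port(config)[0]:
            hits.append("c2:dns")
    elif kind == "netconn":
        host, port = c2_host_port(config)
        if event["dst_host"].lower() == host and event["dst_port"] == port:
            hits.append("c2:connect")
    elif kind == "file":
        if event["path"].lower().endswith("\\" + config["install_path"].lower()):
            hits.append("install-path")
    elif kind == "regset":
        run = RUN_KEY_RE.search(event["path"])
        if run and run.group(1) == config["reg_key"]:
            hits.append("persistence:run-key")
        if WINLOGON_RE.search(event["path"]) and DC_INSTALL_RE.search(event["data"]):
            hits.append("persistence:winlogon")
    return hits


# Tags that only this build produces; the rest could come from any DarkComet install.
BUILD_SPECIFIC = {"mutex:this-build", "c2:dns", "c2:connect"}


def triage(events: List[Dict[str, str]], config: Dict[str, str]) -> Dict[str, object]:
    """Aggregate hits over a batch of events and classify the host."""
    hits = set()
    for event in events:
        hits.update(match_event(event, config))
    if hits & BUILD_SPECIFIC:
        verdict = "darkcomet:this-build"
    elif hits:
        verdict = "darkcomet:family-indicators"
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": sorted(hits)}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, DARKCOMET_CONFIG))
```

A mutex or C2 match is treated as build-specific because both come straight from the extracted config; the Run key value name and install path are shared by many DarkComet builds, so on their own they only justify a family-level verdict. Feeding real EDR or sandbox events through match_event requires mapping them onto the small event shape used here.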