General
Target: 7845e3ad0296d12893b2735d4030376213e1b68f335c679c5e150f6a021618e0
Size: 690KB
Sample: 220731-nt22asfdeq
MD5: a6fc15a4d07a4499215d9b1b26e10410
SHA1: cbd72b00f5437ac93a076c945a2c5196aff28e49
SHA256: 7845e3ad0296d12893b2735d4030376213e1b68f335c679c5e150f6a021618e0
SHA512: 194da568d5aa65c8958dd42b5aed564806d8079fc8d5252e2ff2589fc05e8af496f6cf498e5ec02640e1d6c25c3697bdd9109a2bc68f893d9725dc92badfea09
Behavioral task
behavioral1
Sample
7845e3ad0296d12893b2735d4030376213e1b68f335c679c5e150f6a021618e0.exe
Resource
win7-20220715-en
Malware Config
Extracted
darkcomet
Guest16
daniil39111.ddns.net:3004
DC_MUTEX-0FKK5K4
InstallPath: MSDCSC\msdcsc.exe
gencode: Vs57NZjoBcZW
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-