General
-
Target
d62a1e32fe99a3aace48d75dbebc3603f227f8092c4d88c33d736fbed2906323
-
Size
658KB
-
Sample
220731-ntlpbaecb5
-
MD5
f550cd713724e31c2a4bf157d89cd8e5
-
SHA1
fafbaba2c3db6e3abaf7dc14d0dcbd9832e9701f
-
SHA256
d62a1e32fe99a3aace48d75dbebc3603f227f8092c4d88c33d736fbed2906323
-
SHA512
e775f49a0c7ceda3c2a16a194ac2e42b2cb7b868f6c3945dcaf0e5360a88d10c8920dd2548aacf6b3e36340d4dbe8055a8f597c7207ca0d3947193b30d5458bf
Behavioral task
behavioral1
Sample
d62a1e32fe99a3aace48d75dbebc3603f227f8092c4d88c33d736fbed2906323.exe
Resource
win7-20220715-en
Malware Config
Extracted
darkcomet
Guest16
MrLewendB.dynu.ne]:1604
DC_MUTEX-T831TAX
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
VeogfnLxfxhM
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-