General
Target: aad73bfd7a30fb114cec0596fdd818edb7ddda1d27856682cf3134dcc3de0eee
Size: 690KB
Sample: 220731-ntntnsfden
MD5: 2194793f9dcc7cc77d208c1f2b1e7e2c
SHA1: bbfe71946bcc3e94eb7032485da79a1186981e6b
SHA256: aad73bfd7a30fb114cec0596fdd818edb7ddda1d27856682cf3134dcc3de0eee
SHA512: 41c2c41b2ab78c8c9df63d4ebe5eb7cc927422324b744a8734caf633a7fbfba6c5063fd8807d47417228aa81e04664901444e9cbcb224f80e646b3b598176e7a
Behavioral task: behavioral1
Sample: aad73bfd7a30fb114cec0596fdd818edb7ddda1d27856682cf3134dcc3de0eee.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: aad73bfd7a30fb114cec0596fdd818edb7ddda1d27856682cf3134dcc3de0eee.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
darkcomet
Guest16
192.168.1.4:1604
DC_MUTEX-PZNKCGY
InstallPath: MSDCSC\msdcsc.exe
gencode: AQtHj77eZQcF
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application