General
Target: 7925fb4943617c8bf2740c0d4030243a70d5461d6069ed136c7a0360c9545744
Size: 440KB
Sample: 220731-ntqm9secc3
MD5: a56c8f7c8cc94966093d7ea2b3241f12
SHA1: e12bdd5b96295d73e2bd14b63d5be1dffe485796
SHA256: 7925fb4943617c8bf2740c0d4030243a70d5461d6069ed136c7a0360c9545744
SHA512: 5f343bd670d633f403d561312de638a4eac63bb937b86557c39b56f89a86ac94382319a36ac9bff5e9a4401e2f91950f4129e945e51668cd8937ec4a7c8849a6
Static task: static1
Behavioral task: behavioral1
Sample: 7925fb4943617c8bf2740c0d4030243a70d5461d6069ed136c7a0360c9545744.exe
Resource: win7-20220715-en
Malware Config
Extracted
darkcomet
garry
212.83.162.240:4449
DC_MUTEX-HVQYYV2
InstallPath: MSDCSC\msdcsc.exe
gencode: qP9qMy51lYCf
install: true
offline_keylogger: true
persistence: true
reg_key: SQLBrowser
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application