General
-
Target
d7d1c3306e39345ffbc2139666f1ad2493c5f44a2013568651a5a0b8794fdca4
-
Size
658KB
-
Sample
220731-wf796abcgl
-
MD5
c6e98794d2a7a96b58e6931af36bb2a5
-
SHA1
ee15ac66f20a5ffab46bcfbffcd6348514385970
-
SHA256
d7d1c3306e39345ffbc2139666f1ad2493c5f44a2013568651a5a0b8794fdca4
-
SHA512
a83da52e17d87fa840ad2f9fbabd21127262de18e8a799986078ca7c3355a55e8fa93c750b0795b547c15c4ce7724d3539869e91e4f4e91104970cf808503ada
Behavioral task
behavioral1
Sample
d7d1c3306e39345ffbc2139666f1ad2493c5f44a2013568651a5a0b8794fdca4.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
d7d1c3306e39345ffbc2139666f1ad2493c5f44a2013568651a5a0b8794fdca4.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
darkcomet
Guest16_min
192.168.137.154:1604
DCMIN_MUTEX-2UDD0SF
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
wRAmEt6SW9Sa
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
Target
d7d1c3306e39345ffbc2139666f1ad2493c5f44a2013568651a5a0b8794fdca4
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application