General
-
Target
a5642d230f3cfd4a2a7cf766967e67947a6d854b9d5e8bdb5ce129971bce3f80
-
Size
718KB
-
Sample
220919-1nnb6safg9
-
MD5
81139fa7f308ef2f3c0ceb1cbaa82ee8
-
SHA1
1f7d7a73d6f6859c2015548c9a6b0e9920ad6b13
-
SHA256
a5642d230f3cfd4a2a7cf766967e67947a6d854b9d5e8bdb5ce129971bce3f80
-
SHA512
0bf8cf839df47c08f581730e3995887f5cd3fdbdb117e359fbb9f303c308e20b6e81f95003b13c143c2f3b7c4f4cfc1ec665dacd1d7dbc0a4363e45abb8177b4
-
SSDEEP
12288:nllDHGC0laNnjAsfwq132Q+Qga/gZbYfsYP3cpGbXE3MMyNb7n/XWdL80sfcD:n/DGC0URjAsB32Qvga/gZbusYzbhMyNo
Static task
static1
Behavioral task
behavioral1
Sample
a5642d230f3cfd4a2a7cf766967e67947a6d854b9d5e8bdb5ce129971bce3f80.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a5642d230f3cfd4a2a7cf766967e67947a6d854b9d5e8bdb5ce129971bce3f80.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-FFA5BUQ
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
r1KV3P9crCSj
-
install
true
-
offline_keylogger
true
-
password
12345
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
a5642d230f3cfd4a2a7cf766967e67947a6d854b9d5e8bdb5ce129971bce3f80
-
Size
718KB
-
MD5
81139fa7f308ef2f3c0ceb1cbaa82ee8
-
SHA1
1f7d7a73d6f6859c2015548c9a6b0e9920ad6b13
-
SHA256
a5642d230f3cfd4a2a7cf766967e67947a6d854b9d5e8bdb5ce129971bce3f80
-
SHA512
0bf8cf839df47c08f581730e3995887f5cd3fdbdb117e359fbb9f303c308e20b6e81f95003b13c143c2f3b7c4f4cfc1ec665dacd1d7dbc0a4363e45abb8177b4
-
SSDEEP
12288:nllDHGC0laNnjAsfwq132Q+Qga/gZbYfsYP3cpGbXE3MMyNb7n/XWdL80sfcD:n/DGC0URjAsB32Qvga/gZbusYzbhMyNo
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-