General
Target: ba8047a4d2173823a99c4ca93ec07ecf94e7f50b0c0169ef9f654ba111e8b82c
Size: 1.2MB
Sample: 220919-dhp79adea7
MD5: 33fdbcf3a82778a8ea00249107bc8fe5
SHA1: 202fa6601456532d10ffe3060d5a7ad92b53c072
SHA256: ba8047a4d2173823a99c4ca93ec07ecf94e7f50b0c0169ef9f654ba111e8b82c
SHA512: 0ec581b76f5a7ba20ccdabdda7ab4a4df79e4e99bbf7c6b60118965b271025a1d2c9ed57661cdc7fdbcd05f1a4e83d3e64444b18bbe312460b5f1168f8ab624a
SSDEEP: 12288:lMEybYDzia5HqVG2Xc9cRYBfoozHwC1qgdB/Cfv2XyTkKORtRWAsENB0GSEMkN91:C9XHR0Q4/CGXyTn7AsENBprMMNvX5
Static task: static1
Behavioral task: behavioral1
Sample: ba8047a4d2173823a99c4ca93ec07ecf94e7f50b0c0169ef9f654ba111e8b82c.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
Zombie (C2): anonymous-hr.zapto.org:5150, 127.0.0.1:5150
Mutex: DC_MUTEX-A7UL2P5
InstallPath: MSDCSC\msdcsc.exe
gencode: 5dY8i3S9M0Ys
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: ba8047a4d2173823a99c4ca93ec07ecf94e7f50b0c0169ef9f654ba111e8b82c
- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext