General
Target: c97eaffee8db3c606b34e48e6a7a48ad79fe5251188f4917194e90c624e8e32c
Size: 662KB
Sample: 221001-3c7b1sbff9
MD5: 730188f792411355f17e20284e78d7e1
SHA1: 93fdd3ae8b09362d3bd67816f099bb74f52d8b93
SHA256: c97eaffee8db3c606b34e48e6a7a48ad79fe5251188f4917194e90c624e8e32c
SHA512: a0974e3d5a1a21eb4dc3d7ee6258d43b1a79d900e4e2c086af19bde3fd964bac1c29165c66e5ca45ef3d7d2ba5af0d03c29ba831c0c35644400761c9796b7625
SSDEEP: 12288:o3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/RN:eOA4aWNn/m09fKIaaBEtWq3A1Ov8JgbP
Behavioral task
behavioral1
Sample: c97eaffee8db3c606b34e48e6a7a48ad79fe5251188f4917194e90c624e8e32c.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
mula00100.no-ip.org:1604
DC_MUTEX-QWDNF7H
InstallPath: MSDCSC\msdcsc.exe
gencode: FPKP3oF43033
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application