General
Target: f39577e2b9f1f072160f1a7a568949e0399952e8f674bdf4a32b3f1d2ab6500d
Size: 351KB
Sample: 221001-3l9thacba9
MD5: 68570f555fc1595e6ce6b2d8f34c059c
SHA1: 28e3ba38749acf761fcb0e2c46c6ea6d2e7fe726
SHA256: f39577e2b9f1f072160f1a7a568949e0399952e8f674bdf4a32b3f1d2ab6500d
SHA512: ad27cbb422c5f8c4401a725509a97de4fd75239fb2717fa4f8250e77af2125e12f518e178b3c0d4eea3616e6ba3a108fdd6ac4172f17303fb8f7df170a4f4340
SSDEEP: 6144:8D7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ69I2hgplSZ1:8l8E4w5huat7UovONzbXwOlh/NVR
Behavioral task: behavioral1
Sample: f39577e2b9f1f072160f1a7a568949e0399952e8f674bdf4a32b3f1d2ab6500d.exe
Resource: win7-20220812-en
Malware Config (extracted)
Family: darkcomet
Identifier: Guest16
C2: 79.203.54.214:1604
Mutex: DC_MUTEX-15E21A0
InstallPath: MSDCSC\msdcsc.exe
gencode: Zw1LapYfDnkx
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: f39577e2b9f1f072160f1a7a568949e0399952e8f674bdf4a32b3f1d2ab6500d (351KB; same hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application