General

Target: 3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45
Size: 528KB
Sample: 221001-3m252scbc8
MD5: 65eb70dfafe3c0c78109a442af7eae90
SHA1: a4373ffff571a12ce7a88ff149da155b3b4087af
SHA256: 3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45
SHA512: 3a8cb9d7f8531080fa2f67f21efcd9c84e36d4e42363aac3255152bfb4b63bfa57ee9097a40b1ab5f0320acbfca7270a6c2452c554f517257f45e41af0bc1f9d
SSDEEP: 6144:gJ6hxh6edXLpKOseh6dDYcOzOohWoQb+RYWeWE3XvDMAIGubCjIFjqKoBoO:gCAUcO0OcOzOAuyRmDMFbOqjqKoBo
Static task: static1
Behavioral task: behavioral1
Sample: 3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45.exe
Resource: win7-20220812-en
Malware Config

Extracted:
  darkcomet
  Guest16
  carlosjohn301.ddns.net:1604
  DC_MUTEX-ADH0PPW
InstallPath: MSDCSC\msdcsc.exe
gencode: qXwwGCGxgJlf
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext