General
-
Target
d312993ca74c57c7b8bc830afaa647f4cc25ba24e61f3bdae61a9faef9048345
-
Size
1.1MB
-
Sample
221001-3me1hsddel
-
MD5
72efe4fa25f3d11c7539b0294cbc2a6c
-
SHA1
ff23ca62c741f6ec63df92abb4886c5709640fd0
-
SHA256
d312993ca74c57c7b8bc830afaa647f4cc25ba24e61f3bdae61a9faef9048345
-
SHA512
508163d29430c2577e6783a7bb88f2343604bc66ae689b173140ff3abd3a5b88c993c489edad0bc09b29080cebd7644c5e4fa1935fc684423c21c30fc0d98cf6
-
SSDEEP
24576:9Z1xuVVjfFoynPaVBUR8f+kN10EBu6gcbmE0Z:HQDgok300gzZ
Behavioral task
behavioral1
Sample
d312993ca74c57c7b8bc830afaa647f4cc25ba24e61f3bdae61a9faef9048345.exe
Resource
win7-20220901-en
Malware Config
Extracted
darkcomet
Guest16
ibedefacingwebpages.no-ip.biz:100
DC_MUTEX-J1YDAAT
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
BA13uwU2yspV
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-