General
-
Target
cc02982c750629bce6c1cb23eb565495c6823796323c5fd00817273090ea7d77
-
Size
658KB
-
Sample
221001-3mfl2sddem
-
MD5
55395ef731c5a631abec11ed0e978470
-
SHA1
f2eea062acb3e4e163f7e9a0051fe22c1d6d198c
-
SHA256
cc02982c750629bce6c1cb23eb565495c6823796323c5fd00817273090ea7d77
-
SHA512
887e07ad230bad73ff536bd3b7338cc0639e6241a9b6e5a5dcc4fa17c31fcb0ce153b3e712258a99fe4939fd847782b69a9088334097842b0fab314d7a78057c
-
SSDEEP
12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hg:KZ1xuVVjfFoynPaVBUR8f+kN10EB6
Behavioral task
behavioral1
Sample
cc02982c750629bce6c1cb23eb565495c6823796323c5fd00817273090ea7d77.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
cc02982c750629bce6c1cb23eb565495c6823796323c5fd00817273090ea7d77.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-CNLPXW5
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
R7NeeQje4jv6
-
install
true
-
offline_keylogger
true
-
password
159753sa
-
persistence
true
-
reg_key
MicroUpdate
Targets
Target
cc02982c750629bce6c1cb23eb565495c6823796323c5fd00817273090ea7d77
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-