General
-
Target
bb27aa4832e4828b28ccf07fe3bb073076bf679bf279f3097c25151c2a2bbe2e
-
Size
806KB
-
Sample
221001-3mjnpscbb4
-
MD5
6cce54199e92dde8802f7b25f321d3f0
-
SHA1
7243ccf1ca7b0fe07da0dd872ee194ac2afb5188
-
SHA256
bb27aa4832e4828b28ccf07fe3bb073076bf679bf279f3097c25151c2a2bbe2e
-
SHA512
fbd3f04c7e0f0fa86b062e3a1b8e898a91040771b883791fa8c189a14b4193abe13a94da30f05ad14bee5ea60b938fe81d27e19b20f7f9b20ba7bc6ffd0314f5
-
SSDEEP
12288:m9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hJy1T2GRe:CZ1xuVVjfFoynPaVBUR8f+kN10EB7yje
Behavioral task
behavioral1
Sample
bb27aa4832e4828b28ccf07fe3bb073076bf679bf279f3097c25151c2a2bbe2e.exe
Resource
win7-20220901-en
Malware Config
Extracted
darkcomet
Guest16
roger7100.ddnd.net:1604
DC_MUTEX-5VFJKB8
-
InstallPath: MSDCSC\msdcsc.exe
gencode: HrMy41p14z4h
install: true
offline_keylogger: true
persistence: true
reg_key: System32dll
Targets
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-