General
Target: 0eb8729d5cfe37d6e743fff9a26e81d8aa7124390154ad8aca2657d320330cee
Size: 658KB
Sample: 221001-3mvqzaddfp
MD5: 640b21a6983119ba8261bf9db1e07a10
SHA1: 103ab193eeafeb5213bc1a94905090b76afaae77
SHA256: 0eb8729d5cfe37d6e743fff9a26e81d8aa7124390154ad8aca2657d320330cee
SHA512: bd7a094e825ef01d2caa9ab4b9748015e9706c3d415b108c2d2e72d46a92009df2d24eee4ec73b5d7923c3f01499622d93debdd097a551a1164d318d2dd85f91
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h9:+Z1xuVVjfFoynPaVBUR8f+kN10EB7
Behavioral task: behavioral1
Sample: 0eb8729d5cfe37d6e743fff9a26e81d8aa7124390154ad8aca2657d320330cee.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 0eb8729d5cfe37d6e743fff9a26e81d8aa7124390154ad8aca2657d320330cee.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16
C2: 91.109.23.72:1604
Mutex: DC_MUTEX-HQVMJBC
InstallPath: MSDCSC\msdcsc.exe
gencode: 2nMa4dc9PktF
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 0eb8729d5cfe37d6e743fff9a26e81d8aa7124390154ad8aca2657d320330cee
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application