General

Target: 64a3d795217f0ccfdf970234df1e6ca97946f8c17287d715c3dac1cd240f16f8
Size: 438KB
Sample: 221001-3nd5lsddgp
MD5: 742019382bc9a828b8484f76df7afc02
SHA1: 5bbd0b7f08680bbfaab4f97168fe025df25f8a9e
SHA256: 64a3d795217f0ccfdf970234df1e6ca97946f8c17287d715c3dac1cd240f16f8
SHA512: 9004d2e85ac926aa35cb2dd9e96b448b1bc412519753f71387f8673cf1da2d1b9d927ad59eb927ca32708dab50a027039b5b35633b7a563c44d97f4712eb1f8f
SSDEEP: 6144:3YpRNQuZi9+neeKGn4SBIz0Bpv/8Ykw+aS05ukvj3Z1LnHEHLXqR9VTfbBOX:Ip/1Fxn+G8S+aLdDZ1ziL6RrT0
Static task: static1

Behavioral task: behavioral1
  Sample: 64a3d795217f0ccfdf970234df1e6ca97946f8c17287d715c3dac1cd240f16f8.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 64a3d795217f0ccfdf970234df1e6ca97946f8c17287d715c3dac1cd240f16f8.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted: darkcomet
Botnet: Guest16
C2: zhenar42.zapto.org:1604
Mutex: DC_MUTEX-U5BDK0P
InstallPath: MSDCSC\msdcsc.exe
gencode: d6NERcemLYqc
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application