General
Target: b761254c3627c7839e7dd94cb339699af7c8bd1f6400535afeb86b20190ee0d1
Size: 690KB
Sample: 221001-3t3p6adgbm
MD5: 93087bd40c4e1550f856510c08a5f332
SHA1: 41349653394e7c8e332b082dce0ded7c61d3a69c
SHA256: b761254c3627c7839e7dd94cb339699af7c8bd1f6400535afeb86b20190ee0d1
SHA512: 2c61b745340e9b88d48467f175e3fc4a810b2adf4ee486adec200963ffb579841ead96c8edde0c311cdb979f8639836b63f1bfc1b2d47a07846636ff4964ca7b
SSDEEP: 12288:Z9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hqs:jZ1xuVVjfFoynPaVBUR8f+kN10EBx

Behavioral task
behavioral1
Sample: b761254c3627c7839e7dd94cb339699af7c8bd1f6400535afeb86b20190ee0d1.exe
Resource: win7-20220901-en

Malware Config
Extracted: darkcomet
Guest16
203.192.205.71:80
DC_MUTEX-8HQU40W
InstallPath: MSDCSC\msdcsc.exe
gencode: s8dkdk5qgUVM
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate

Targets
Target: b761254c3627c7839e7dd94cb339699af7c8bd1f6400535afeb86b20190ee0d1
Size: 690KB
MD5: 93087bd40c4e1550f856510c08a5f332
SHA1: 41349653394e7c8e332b082dce0ded7c61d3a69c
SHA256: b761254c3627c7839e7dd94cb339699af7c8bd1f6400535afeb86b20190ee0d1
SHA512: 2c61b745340e9b88d48467f175e3fc4a810b2adf4ee486adec200963ffb579841ead96c8edde0c311cdb979f8639836b63f1bfc1b2d47a07846636ff4964ca7b
SSDEEP: 12288:Z9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hqs:jZ1xuVVjfFoynPaVBUR8f+kN10EBx

Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application