General
- Target: 9261feab91f00446a0442a4b995534c204dc90b2cdf7c59da6f6c15c229920f7
- Size: 385KB
- Sample: 221001-3t5vhscea3
- MD5: cd433e011e7459cfdd655a746091468d
- SHA1: 9ec239c9f172811477a912e2eabdd2e5595309fd
- SHA256: 9261feab91f00446a0442a4b995534c204dc90b2cdf7c59da6f6c15c229920f7
- SHA512: e068db8e49a4585686510cb845d5a31ea50f38478bef81bf0c62818cbe17273ec7ec17fd7208a4ebe8687f50383d9323d5d00361483adbda7dd5393ba6680c25
- SSDEEP: 6144:8cNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PnLwtvDzbYgfmX4rFBgp1:8cWkbgTYWnYnt/IDYhP0pDPYYm66
Behavioral task
- behavioral1
  - Sample: 9261feab91f00446a0442a4b995534c204dc90b2cdf7c59da6f6c15c229920f7.exe
  - Resource: win7-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: megaserver9.ddns.net:1604
- Mutex: DC_MUTEX-GSZE25Q
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Rc79eTyNGsqt
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 9261feab91f00446a0442a4b995534c204dc90b2cdf7c59da6f6c15c229920f7
  - Size: 385KB
  - MD5: cd433e011e7459cfdd655a746091468d
  - SHA1: 9ec239c9f172811477a912e2eabdd2e5595309fd
  - SHA256: 9261feab91f00446a0442a4b995534c204dc90b2cdf7c59da6f6c15c229920f7
  - SHA512: e068db8e49a4585686510cb845d5a31ea50f38478bef81bf0c62818cbe17273ec7ec17fd7208a4ebe8687f50383d9323d5d00361483adbda7dd5393ba6680c25
  - SSDEEP: 6144:8cNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PnLwtvDzbYgfmX4rFBgp1:8cWkbgTYWnYnt/IDYhP0pDPYYm66
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext