General
Target: e1988357bf7b368cd41004b28d836914b075f0f35d985c426397d343f0c1e78a
Size: 636KB
Sample: 221001-zsp6wsgfak
MD5: 6aa8b96dc40d343ed01f71a98bc33dd0
SHA1: f3054de583789ae77b90268b89b15842c81da48b
SHA256: e1988357bf7b368cd41004b28d836914b075f0f35d985c426397d343f0c1e78a
SHA512: d248d8f1db0b34dcdee876e3a5e52e8585bfec4d49765458ea620b4276ed5a691deae5eb5007e37ce9979a919c3c8fc59de8fe617dcab6321719a6c8303e7934
SSDEEP: 12288:rClWWlTMKehR5IjmGRUqA6bARgoCfrgbisv69Wu:r3WlYKer2Wo0RgoCfriv+
Static task: static1
Behavioral task: behavioral1
  Sample: e1988357bf7b368cd41004b28d836914b075f0f35d985c426397d343f0c1e78a.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: e1988357bf7b368cd41004b28d836914b075f0f35d985c426397d343f0c1e78a.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2:
  microchip.myftp.org:80
  microchip.myftp.org:5190
  microchip.myftp.org:25
  microchip.myftp.org:110
  microchip.myftp.org:945
Mutex: DC_MUTEX-22M89DH
Attributes:
  InstallPath: MSDCSC\msdcsc.exe
  gencode: bNsEugEKgtYk
  install: true
  offline_keylogger: true
  password: pa$$w0rd117756
  persistence: true
  reg_key: MicroUpdate
Targets
Target: e1988357bf7b368cd41004b28d836914b075f0f35d985c426397d343f0c1e78a (size and hashes as listed under General)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext