General
-
Target
a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
-
Size
377KB
-
Sample
221002-pw3w2sfch3
-
MD5
6feaab979663244eca21c62008b09202
-
SHA1
89da90563896e8af51b1613b7848db8af17ae615
-
SHA256
a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
-
SHA512
c3aebe6cb7a9f2c8a6069953d68a31e2e40ce007ef2a0f3bf94cd2ffb107d46d16ce281a8127d8661e778eeccfab47096839c9053f178815cd142ac3a60b6a4a
-
SSDEEP
6144:IcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37mO4EqXoetQGqvvoB:IcW7KEZlPzCy37mO4iGqvw
Behavioral task
behavioral1
Sample
a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
- gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
Extracted
darkcomet
Guest16
192.168.0.210:1604
DC_MUTEX-JNPFFAB
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
asWjgGEaR2qG
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-