General
Target: 571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
Size: 349KB
Sample: 221002-spa48sdfcr
MD5: 6d2706ffb3b1c6efd5594e1a2ff787b0
SHA1: b819a1b540b2f21c1ae6fcb7c925a51e445f3b0a
SHA256: 571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
SHA512: 968c98c388a3fffe0a8a89f496c9fafb59419440d0f4ae49d5ccb1ceb3f4611c3e6cd327258ba47cfc55d3620aafc62d0b7bc889a1712c63dda227025fa4c653
SSDEEP: 6144:wcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37d3I2RwplSZkOiu9PZ/p:wcW7KEZlPzCy37xRPNVR
Behavioral task
behavioral1
Sample: 571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e.exe
Resource: win7-20220812-en

Malware Config
Extracted
- darkcomet
- Guest16
- rabdarcrab.no-ip.biz:1604
- DC_MUTEX-12PKHNW
- InstallPath: MSDCSC\msdcsc.exe
- gencode: yVkohe6HvLBv
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
Target: 571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
Size: 349KB
MD5: 6d2706ffb3b1c6efd5594e1a2ff787b0
SHA1: b819a1b540b2f21c1ae6fcb7c925a51e445f3b0a
SHA256: 571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
SHA512: 968c98c388a3fffe0a8a89f496c9fafb59419440d0f4ae49d5ccb1ceb3f4611c3e6cd327258ba47cfc55d3620aafc62d0b7bc889a1712c63dda227025fa4c653
SSDEEP: 6144:wcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37d3I2RwplSZkOiu9PZ/p:wcW7KEZlPzCy37xRPNVR

Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application