General
Target: f458a873443e550e7d2b6a8d69083cbd18c9832bf80b9f163dc43fed79492729
Size: 544KB
Sample: 221003-njbfladgcj
MD5: 43b14536f1dfa015102cc625b3c734a6
SHA1: 4a866c19a680b202c9b155265c8cd2f45d0f5950
SHA256: f458a873443e550e7d2b6a8d69083cbd18c9832bf80b9f163dc43fed79492729
SHA512: e780fb28b81376bc20766351a2b202ef9a0b336b3d256dca3501d8909aea72d3cef398a7befcba832a69caa5e8e00c61fadf9cccbb85721a2f40b2505df0db31
SSDEEP: 12288:2phltQCO4VmN3kbzzejeXPmrhZ5Ez9+LTlh7:umN3cae/mr89IBh7
Static task: static1
Behavioral task: behavioral1
Sample: f458a873443e550e7d2b6a8d69083cbd18c9832bf80b9f163dc43fed79492729.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Campaign ID: Guest16
C2: wirehost.sytes.net:1624
C2: wirehost2.zapto.org:1624
Mutex: DC_MUTEX-X4HZLMT
InstallPath: MSDCSC\msdcsc.exe
gencode: Xx4Eo1aAF6Pl
install: true
offline_keylogger: true
password: bastofos2
persistence: true
reg_key: MicroUpdate
Targets
Target: f458a873443e550e7d2b6a8d69083cbd18c9832bf80b9f163dc43fed79492729 (hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
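The extracted config and the behavioural signatures above give a SOC analyst a concrete hunt set: the two C2 hostnames and port 1624, the DC_MUTEX-X4HZLMT mutex, the Run value name MicroUpdate, and the msdcsc.exe implant binary that the Winlogon modification points at. The following Python is an added example and is not part of the sandbox report. The config dict copies the values from the Extracted block; the telemetry lines are constructed key="value" records (Sysmon-style Image, QueryName, DestinationPort, TargetObject and Details fields, plus a hypothetical MutexName field that Sysmon itself does not emit). It goes slightly beyond this sample by also flagging any mutex with the DC_MUTEX- prefix, which is the DarkComet default unless the operator changed it.

```python
"""Hunt DarkComet indicators from a sandbox config in simple endpoint telemetry.

Added example, not the sandbox's or DarkComet's code. Event format and field
names are an assumption chosen for illustration.
"""
import re
from collections import namedtuple
from typing import Dict, List

# Values copied from the report's Extracted block.
DARKCOMET_CONFIG = {
    "family": "darkcomet",
    "c2": ["wirehost.sytes.net:1624", "wirehost2.zapto.org:1624"],
    "mutex": "DC_MUTEX-X4HZLMT",
    "InstallPath": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

Hit = namedtuple("Hit", "rule line")
_FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key="value" record into a dict (constructed format)."""
    return dict(_FIELD.findall(line))


def indicators(cfg: dict) -> dict:
    """Derive matchable indicators from the extracted config."""
    hosts, ports = set(), set()
    for hostport in cfg["c2"]:
        host, _, port = hostport.rpartition(":")
        hosts.add(host.lower())
        ports.add(int(port))
    return {
        "hosts": hosts,
        "ports": ports,
        "mutex": cfg["mutex"],
        "run_value": cfg["reg_key"].lower(),
        # Only the file name is stable; the base folder depends on the victim profile.
        "binary": cfg["InstallPath"].rsplit("\\", 1)[-1].lower(),
    }


def match_event(ev: Dict[str, str], ind: dict) -> List[str]:
    """Return the names of every rule the event satisfies."""
    rules = []
    image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    if ev.get("QueryName", "").lower().rstrip(".") in ind["hosts"]:
        rules.append("c2_dns")
    port = ev.get("DestinationPort", "")
    # Port alone is weak evidence, so require the connection to come from the implant.
    if port.isdigit() and int(port) in ind["ports"] and image == ind["binary"]:
        rules.append("c2_port_from_implant")
    target = ev.get("TargetObject", "").lower()
    if "\\currentversion\\run\\" in target and target.rsplit("\\", 1)[-1] == ind["run_value"]:
        rules.append("run_key")
    # Winlogon persistence: implant appended to Userinit/Shell-style values.
    if "\\winlogon\\" in target and ind["binary"] in ev.get("Details", "").lower():
        rules.append("winlogon")
    mutex = ev.get("MutexName", "")
    if mutex == ind["mutex"] or mutex.startswith("DC_MUTEX-"):
        rules.append("mutex")
    return rules


def hunt(lines: List[str], cfg: dict = DARKCOMET_CONFIG) -> List[Hit]:
    ind = indicators(cfg)
    return [Hit(rule, line) for line in lines for rule in match_event(parse_event(line), ind)]


# Constructed telemetry; the IPs are documentation ranges, not the real resolutions.
SAMPLE_TELEMETRY = [
    'EventID="22" Image="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe" QueryName="wirehost.sytes.net"',
    'EventID="3" Image="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe" DestinationIp="203.0.113.10" DestinationPort="1624"',
    'EventID="13" Image="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe" TargetObject="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicroUpdate" Details="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"',
    'EventID="13" Image="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe" TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit" Details="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"',
    'EventID="0" Image="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe" MutexName="DC_MUTEX-X4HZLMT"',
    'EventID="3" Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" DestinationIp="198.51.100.7" DestinationPort="443"',
    'EventID="22" Image="C:\\Windows\\System32\\svchost.exe" QueryName="ctldl.windowsupdate.com"',
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_TELEMETRY):
        print(f"{hit.rule:22s} {hit.line}")
```

The host-based checks are the ones worth keeping after the dynamic DNS names rotate: the Run value name, the implant file name in Winlogon values and the DC_MUTEX- prefix survive a C2 change, whereas the two hostnames only identify this operator's current infrastructure.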