General
Target: 9802c5876d0742a696675d5f8643e54bc4867f912c7b0a1d30b7c2de11ec0661
Size: 579 KB
Sample: 221003-tld76aebb9
MD5: 68a54e3adbf81b3b808c11da8ce7c68a
SHA1: c7e1f952fd870d31508e69e41adc9f625781e34e
SHA256: 9802c5876d0742a696675d5f8643e54bc4867f912c7b0a1d30b7c2de11ec0661
SHA512: 9ccfbf2dacf6994c0f87e1fb32571c8e50085cd10e14860684e2ea421dd4ebd59884c5a5d6fe98fdee22ddd8e89c40e4962f776032dc730d0f163a6bdf3c808d
SSDEEP: 12288:nVDHFNzdkfqQNQECtK/lGRgOUqmq9kR6lhKXrJjpfmOnX/M:VDHFNBkyQNQ9tK/cRgOnmq9g6QXnE
Static task: static1
Behavioral task: behavioral1
  Sample: 9802c5876d0742a696675d5f8643e54bc4867f912c7b0a1d30b7c2de11ec0661.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9802c5876d0742a696675d5f8643e54bc4867f912c7b0a1d30b7c2de11ec0661.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: darkcomet
Campaign ID: Guest16
C2: alankaboot.no-ip.biz:1604
Mutex: DC_MUTEX-F54S21D
InstallPath: MSDCSC\msdcsc.exe
gencode: JbvaliXHAQvv
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 9802c5876d0742a696675d5f8643e54bc4867f912c7b0a1d30b7c2de11ec0661 (size and hashes as listed under General above)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
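The Python script below is an added example and is not part of the sandbox report. It turns the extracted configuration (C2 host and port, mutex, install path, Run value name) and the two flagged persistence behaviours (Run key, WinLogon Userinit) into host-hunting checks. The registry export, handle names and flow lines it scans are constructed sample input; the user-profile directory under which the relative InstallPath MSDCSC\msdcsc.exe is dropped is an assumption, since that depends on how the builder was configured.

```python
"""Hunting checks derived from the DarkComet config extracted above.

Added example, not part of the sandbox report. CONFIG holds the values the
report extracted; SAMPLE_REG, SAMPLE_HANDLES and SAMPLE_FLOWS are CONSTRUCTED
input, and the directory the relative InstallPath lands in is an assumption.
"""
import re

# Copied from the report's "Malware Config / Extracted" block.
CONFIG = {
    "c2": "alankaboot.no-ip.biz:1604",
    "mutex": "DC_MUTEX-F54S21D",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Keys behind two flagged behaviours: "Adds Run key to start application"
# and "Modifies WinLogon for persistence" (Userinit is the usual target).
RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

# `reg export` writes  "Name"="Value"  with \ and " escaped by a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_c2(c2: str) -> tuple[str, int]:
    """Split host:port; rpartition keeps any colon inside the host intact."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def unescape_reg(value: str) -> str:
    return re.sub(r"\\(.)", r"\1", value)


def scan_registry_export(text: str, config: dict = CONFIG) -> list[str]:
    """One finding per suspicious value: the configured Run value name, a
    Userinit string with an extra program appended, or any other value
    that points at the install path."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # subkey the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), unescape_reg(m.group(2))
        if key.endswith(RUN_KEY_SUFFIX) and name.lower() == config["reg_key"].lower():
            findings.append(f"Run value {name!r} -> {value}")
        elif key.endswith(WINLOGON_SUFFIX) and name.lower() == "userinit":
            # A clean Userinit is "C:\Windows\system32\userinit.exe," with
            # nothing after the comma; anything else runs at every logon.
            extra = [p.strip() for p in value.split(",")
                     if p.strip() and p.strip().lower() != LEGIT_USERINIT]
            if extra:
                findings.append(f"Userinit appended: {extra}")
        elif config["install_path"].lower() in value.lower():
            findings.append(f"InstallPath referenced by {key}\\{name}")
    return findings


def scan_mutexes(handle_names: list[str], config: dict = CONFIG) -> list[str]:
    """Exact match on the configured mutex, plus the DC_MUTEX- prefix that
    DarkComet builds share, as a broader, lower-confidence check."""
    target = config["mutex"].upper()
    hits = []
    for name in handle_names:
        leaf = name.rsplit("\\", 1)[-1].upper()
        if leaf == target or leaf.startswith("DC_MUTEX-"):
            hits.append(name)
    return hits


def scan_flows(lines: list[str], config: dict = CONFIG) -> list[str]:
    """Flag lookups of the dynamic-DNS C2 host and flows to its port. The
    port alone is weak evidence (1604 is the DarkComet default and is
    widely reused), so flows are reported separately from hostname hits."""
    host, port = parse_c2(config["c2"])
    findings = []
    for line in lines:
        if host.lower() in line.lower():
            findings.append(f"C2 hostname: {line}")
        elif re.search(rf"->\s*\S+:{port}\b", line):
            findings.append(f"flow to C2 port {port}: {line}")
    return findings


# --- constructed sample input, not taken from the report -------------------
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"MicroUpdate"="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"
'''
SAMPLE_HANDLES = [
    r"\Sessions\1\BaseNamedObjects\DC_MUTEX-F54S21D",
    r"\Sessions\1\BaseNamedObjects\SM0:4212:168:WilStaging_02",
]
SAMPLE_FLOWS = [
    "2022-10-03T12:00:01Z dns A alankaboot.no-ip.biz",
    "2022-10-03T12:00:02Z tcp 10.0.0.5:49812 -> 203.0.113.7:1604",
    "2022-10-03T12:00:03Z tcp 10.0.0.5:49813 -> 203.0.113.9:443",
]

if __name__ == "__main__":
    for f in (scan_registry_export(SAMPLE_REG) + scan_mutexes(SAMPLE_HANDLES)
              + scan_flows(SAMPLE_FLOWS)):
        print(f)
```

Run against a real `reg export` of HKCU and HKLM plus a handle listing and proxy or NetFlow export, the script reports the Run value, the appended Userinit entry, the mutex and the C2 contacts as separate findings, so a hostname hit can be weighted above a bare port-1604 flow. The "Suspicious use of SetThreadContext" signature (process injection) is not covered here; that needs process-memory inspection rather than registry or network artifacts.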