General
-
Target
7c0419ba2a9a126e8193f3efd67a5aea331de825c0bbbf89ef3950ea08b766c7
-
Size
756KB
-
Sample
221003-tlmjjaebc8
-
MD5
6d3942d9fe24a9da8310d6991ea77030
-
SHA1
60bf0552c3b6a37ee840382792cb5e837c88e4fe
-
SHA256
7c0419ba2a9a126e8193f3efd67a5aea331de825c0bbbf89ef3950ea08b766c7
-
SHA512
bf31936ce761718ef6daf755db7c9a10a42420022c57a42f575eb52f1a8bce6208f34b72b97ff150d5bba03346537eaf8f4bb958e71bddf309cb3e4bbe2ff594
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h1:eZ1xuVVjfFoynPaVBUR8f+kN10EB3
Behavioral task
behavioral1
Sample
7c0419ba2a9a126e8193f3efd67a5aea331de825c0bbbf89ef3950ea08b766c7.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
7c0419ba2a9a126e8193f3efd67a5aea331de825c0bbbf89ef3950ea08b766c7.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
victime
88.139.111.187:1604
DC_MUTEX-5014XJ2
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
BFM60zGFMdWM
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-