General
Target: 37c85de402ab81c7ba222f1125b8482c996d833b64d435e8556c9e7e9ef6ae7c
Size: 1.2MB
Sample: 221003-tmqmksebg5
MD5: 463fc80a8b7127c9a2bee8921a447b20
SHA1: 012e76b8f86df7c37d99ebd310cce49941957efd
SHA256: 37c85de402ab81c7ba222f1125b8482c996d833b64d435e8556c9e7e9ef6ae7c
SHA512: 5260c379e17add48586708543b2c9a17e1cf4b090701bec4ae63f8d1ecf184167dfeb422278c9b68f6be96451bc82e18a55f77dfcd663c9e52b057cd8a733588
SSDEEP: 24576:QnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpwoExfLMiLaRmFME3:6ELbVMTrOq49ISVc
Behavioral task: behavioral1
Sample: 37c85de402ab81c7ba222f1125b8482c996d833b64d435e8556c9e7e9ef6ae7c.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
Campaign ID: Guest16
C2: lolnoobgg.zapto.org:100
Mutex: DC_MUTEX-NXLVS10
InstallPath: MSDCSC\msdcsc.exe
gencode: e27Kjsz3T8LX
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
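The config fields above are what a DarkComet decoder pulls out of the sample's embedded configuration. The Python script below is an added example, not part of this report and not the sandbox's own extractor: it shows how such a decode works for DarkComet builds, which carry their settings as KEY={value} lines, RC4-encrypted under a static per-version key and stored hex-encoded. The candidate keys, the raw field names (SID, NETDATA, MUTEX, EDTPATH, GENCODE, INSTALL, OFFLINEK, PERSINST, KEYNAME) and their mapping onto the labels above are taken from publicly documented open-source decoders and are assumptions here; the sample blob is constructed inside the script from the values in this report, not carved from the binary.

```python
"""Decode a DarkComet-style configuration blob (added example, not the sandbox's extractor)."""
import re
from typing import Dict, Optional, Tuple

# Static RC4 keys used by DarkComet builds, as listed in open-source decoders.
# Assumption: which key applies depends on the build version, so try them all.
DARKCOMET_RC4_KEYS = {
    "v5.1": b"#KCMDDC51#-890",
    "v5.0": b"#KCMDDC5#-890",
    "v4.2F": b"#KCMDDC42F#-890",
    "v4.2": b"#KCMDDC42#-890",
    "v4.x": b"#KCMDDC4#-890",
    "v3.x": b"#KCMDDC2#-890",
}

# Raw config field -> label used in the config listing above.
# Assumption: field names as documented by public decoders.
FIELD_MAP = {
    "SID": "campaign_id",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "EDTPATH": "InstallPath",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
    "KEYNAME": "reg_key",
}

_FIELD_LINE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(text: str) -> Dict[str, object]:
    """Turn KEY={value} lines into the labelled fields; 0/1 flags become booleans."""
    cfg: Dict[str, object] = {}
    for line in text.splitlines():
        m = _FIELD_LINE.match(line.strip())
        if not m:
            continue
        raw_key, value = m.groups()
        label = FIELD_MAP.get(raw_key)
        if label is None:
            continue  # fields not shown in the listing above are ignored
        cfg[label] = (value == "1") if value in ("0", "1") else value
    return cfg


def decode_config(hex_blob: str) -> Optional[Tuple[str, Dict[str, object]]]:
    """Try every known key; accept the first decrypt that looks like a config."""
    blob = bytes.fromhex(hex_blob.strip())
    for version, key in DARKCOMET_RC4_KEYS.items():
        try:
            text = rc4(key, blob).decode("ascii")
        except UnicodeDecodeError:
            continue  # wrong key: output is not printable text
        if "MUTEX={" in text and "NETDATA={" in text:
            return version, parse_config(text)
    return None


# Constructed sample: the values from the listing above laid out as a DarkComet
# config and encrypted with the v5.1 key. Not extracted from the real binary.
SAMPLE_PLAINTEXT = (
    "MUTEX={DC_MUTEX-NXLVS10}\r\n"
    "SID={Guest16}\r\n"
    "NETDATA={lolnoobgg.zapto.org:100}\r\n"
    "INSTALL={1}\r\n"
    "PERSINST={1}\r\n"
    "OFFLINEK={1}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "GENCODE={e27Kjsz3T8LX}\r\n"
    "FWB={0}\r\n"
)
SAMPLE_BLOB_HEX = rc4(DARKCOMET_RC4_KEYS["v5.1"], SAMPLE_PLAINTEXT.encode("ascii")).hex()

if __name__ == "__main__":
    print(decode_config(SAMPLE_BLOB_HEX))
```

Because RC4 is symmetric and the keys are static, a wrong key simply yields noise; the sanity check for the MUTEX and NETDATA markers is what separates a real decode from garbage, which is why a decoder should test for them rather than trust the first printable output.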
Targets
Target: 37c85de402ab81c7ba222f1125b8482c996d833b64d435e8556c9e7e9ef6ae7c
Size: 1.2MB
MD5: 463fc80a8b7127c9a2bee8921a447b20
SHA1: 012e76b8f86df7c37d99ebd310cce49941957efd
SHA256: 37c85de402ab81c7ba222f1125b8482c996d833b64d435e8556c9e7e9ef6ae7c
SHA512: 5260c379e17add48586708543b2c9a17e1cf4b090701bec4ae63f8d1ecf184167dfeb422278c9b68f6be96451bc82e18a55f77dfcd663c9e52b057cd8a733588
SSDEEP: 24576:QnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpwoExfLMiLaRmFME3:6ELbVMTrOq49ISVc
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
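The signature names above describe behaviours, not the artefacts they leave behind. The Python script below is an added example (not part of this report) that turns the persistence and lockdown items into concrete checks over a Windows registry export: a Run value named after the report's reg_key (MicroUpdate) or pointing at msdcsc.exe, DisableTaskMgr and DisableRegistryTools set to 1 under HKCU\...\Policies\System, and an extra entry appended to Winlogon\Userinit. Reading "Modifies WinLogon for persistence" as a Userinit change is an assumption consistent with DarkComet's known technique; the export text is constructed for the example, the absolute drop path under the user's Documents folder is an assumption (the report gives only the relative InstallPath), and the parser handles only string and dword values.

```python
"""Check a registry export for the persistence and lockdown changes named above
(added example, not part of the report)."""
import re
from typing import Dict, List

RegTree = Dict[str, Dict[str, object]]  # key path (lowercased) -> value name (lowercased) -> data

# Indicators taken from the config listing above.
RUN_VALUE_NAME = "MicroUpdate".lower()
INSTALL_EXE = "msdcsc.exe"

# Registry locations behind the signatures. Assumption: "Modifies WinLogon" is read
# as an extra entry appended to Winlogon\Userinit, DarkComet's usual technique.
RUN_KEYS = (
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
)
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    # .reg exports double backslashes and escape quotes inside string data
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _parse_data(raw: str) -> object:
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    return raw  # hex(...) binary / expand-string data is kept raw; not needed here


def parse_reg(text: str) -> RegTree:
    """Minimal parser for 'Windows Registry Editor Version 5.00' exports."""
    tree: RegTree = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            tree.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            tree[current][_unescape(m.group(1)).lower()] = _parse_data(m.group(2))
    return tree


def find_indicators(tree: RegTree) -> List[str]:
    """Return one line per indicator found; an empty list means nothing matched."""
    hits: List[str] = []
    for key in RUN_KEYS:
        for name, data in tree.get(key, {}).items():
            by_name = name == RUN_VALUE_NAME
            by_path = isinstance(data, str) and data.lower().endswith(INSTALL_EXE)
            if by_name or by_path:
                hits.append(f"run key: {name} -> {data}")
    policy = tree.get(POLICY_KEY, {})
    if policy.get("disabletaskmgr") == 1:
        hits.append("task manager disabled (DisableTaskMgr=1)")
    if policy.get("disableregistrytools") == 1:
        hits.append("regedit disabled (DisableRegistryTools=1)")
    userinit = tree.get(WINLOGON_KEY, {}).get("userinit")
    if isinstance(userinit, str):
        for entry in (p.strip() for p in userinit.split(",")):
            if entry and not entry.lower().endswith("userinit.exe"):
                hits.append(f"winlogon userinit extra entry: {entry}")
    return hits


# Constructed export: one benign Run value plus the changes the signatures describe.
# The absolute path under Documents is an assumption; the report gives only MSDCSC\msdcsc.exe.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"MicroUpdate"="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"
"""

if __name__ == "__main__":
    for hit in find_indicators(parse_reg(SAMPLE_REG)):
        print(hit)
```

The Run check matches on either the value name or the executable so that a renamed reg_key from another build of the same family is still caught by its drop path; the Userinit check flags any entry that is not userinit.exe itself, since a clean system lists only that one.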