General
Target: 120ad1ebc9ba660bb4219bb4d5a5c48f9a2b711337378bf29dad4ca4db0b5ffd
Size: 1.0MB
Sample: 221004-hsxsasggen
MD5: 1dc8033aa38b45b72b5033159925a96a
SHA1: 67e37cba35f54dc85d071b7c202e2fb86189af0f
SHA256: 120ad1ebc9ba660bb4219bb4d5a5c48f9a2b711337378bf29dad4ca4db0b5ffd
SHA512: c1058b271e3fa7fdf1bfe48e031e358b45e184242fe50c2917d20932b1b7f5b533bee9d7e646fd80e661858c5452a52f017f8eb2587ce1894171c84be4739cd6
SSDEEP: 24576:kMmnDC+CIbprBTgJm6/JtinlCXHFz/hpsgUogiz:kjDCbSrq/el8HFz2zk
Behavioral task: behavioral1
Sample: 120ad1ebc9ba660bb4219bb4d5a5c48f9a2b711337378bf29dad4ca4db0b5ffd.exe
Resource: win7-20220812-en
Malware Config
Extracted family: darkcomet (DarkComet, a Windows remote access trojan)
Botnet / campaign ID: MyGuest
C2: motorola5.no-ip.biz:81
Mutex: DC_MUTEX-PR2ZWZP
InstallPath: MSDCSC\msdcsc.exe
gencode: xAF428g3QiGM
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate

Notes on the extracted values:
- The C2 is a dynamic-DNS hostname (no-ip.biz) on a non-standard port (81). Whatever IP it resolved to during the sandbox run is not a stable indicator; hunt and block on the hostname and on the install executable talking out on port 81.
- MSDCSC\msdcsc.exe, a Run value named MicroUpdate and a DC_MUTEX-prefixed mutex are DarkComet's stock defaults, so the operator changed little beyond the C2 and campaign ID. The mutex name is a reliable host indicator for this build.
- install: true together with reg_key: MicroUpdate means the stub copies itself to the install path and registers a Run key. The persistence: false flag is a separate DarkComet option and does not mean the sample leaves no persistence; the Run key and WinLogon signatures under Targets below show that it does.
- offline_keylogger: true means keystrokes are logged to disk while the C2 is unreachable, so an infected host should be treated as having had all typed credentials exposed, not only those typed while the session was live.
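The following is an added example, not part of the sandbox report: it turns the extracted config values above into host and network indicators and runs them over a handful of constructed telemetry lines in a made-up "type|key=value" format. The event format, the lab paths, the IP addresses and the assumption that the WinLogon change lands in the Userinit or Shell value are all assumptions for illustration; the config values themselves are copied from the report.

```python
"""Derive DarkComet IOCs from the extracted sandbox config and match them
against sample telemetry. Added example; telemetry format is constructed."""

# Values copied from the "Malware Config" block of the report.
DARKCOMET_CONFIG = {
    "family": "darkcomet",
    "botnet": "MyGuest",
    "c2": "motorola5.no-ip.biz:81",
    "mutex": "DC_MUTEX-PR2ZWZP",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
    "install": True,
    "offline_keylogger": True,
    "persistence": False,
}


def iocs_from_config(cfg):
    """Derive matchable indicators from the extracted config.

    The C2 is split into host and port because a dynamic-DNS name should be
    matched as a hostname, never as whatever IP it resolved to at run time.
    """
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "install_path": cfg["install_path"].lower(),                      # msdcsc\msdcsc.exe
        "install_exe": cfg["install_path"].rsplit("\\", 1)[-1].lower(),   # msdcsc.exe
        "run_value": cfg["reg_key"].lower(),                              # microupdate
    }


def parse_event(line):
    """Parse one 'type|k=v|k=v' line (a constructed format for this example)."""
    kind, *fields = line.split("|")
    event = {"type": kind}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def match_event(event, ioc):
    """Return the names of every indicator this single event matches."""
    hits = []
    kind = event["type"]
    proc = event.get("proc", "").lower()
    if kind == "dns" and event.get("query", "").lower().rstrip(".") == ioc["c2_host"]:
        hits.append("c2_dns_lookup")
    # Port 81 alone is too weak to alert on; require the installed stub as the source process.
    if kind == "net" and event.get("dport") == str(ioc["c2_port"]) and proc == ioc["install_exe"]:
        hits.append("c2_port_from_install_exe")
    if kind == "reg":
        path = event.get("path", "").lower()
        data = event.get("data", "").lower()
        if path.endswith("\\run\\" + ioc["run_value"]):
            hits.append("run_key_persistence")
        # Assumption: the WinLogon modification targets the Userinit or Shell value.
        if "\\winlogon\\" in path and path.rsplit("\\", 1)[-1] in ("userinit", "shell") \
                and ioc["install_path"] in data:
            hits.append("winlogon_persistence")
    if kind == "file" and event.get("path", "").lower().endswith("\\" + ioc["install_path"]):
        hits.append("dropped_install_path")
    if kind == "mutex" and event.get("name") == ioc["mutex"]:
        hits.append("darkcomet_mutex")
    return hits


def scan(lines, cfg=DARKCOMET_CONFIG):
    """Run every event through the indicator set; returns (rule, line) pairs."""
    ioc = iocs_from_config(cfg)
    findings = []
    for line in lines:
        for rule in match_event(parse_event(line), ioc):
            findings.append((rule, line))
    return findings


# Constructed telemetry: six lines that mirror the report's signatures plus three benign ones.
SAMPLE_EVENTS = [
    r"file|proc=120ad1ebc9ba660bb4219bb4d5a5c48f9a2b711337378bf29dad4ca4db0b5ffd.exe|path=C:\Users\lab\Documents\MSDCSC\msdcsc.exe",
    r"reg|proc=msdcsc.exe|path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate|data=C:\Users\lab\Documents\MSDCSC\msdcsc.exe",
    r"reg|proc=msdcsc.exe|path=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|data=C:\Windows\system32\userinit.exe,C:\Users\lab\Documents\MSDCSC\msdcsc.exe",
    r"mutex|proc=msdcsc.exe|name=DC_MUTEX-PR2ZWZP",
    r"dns|proc=msdcsc.exe|query=motorola5.no-ip.biz",
    r"net|proc=msdcsc.exe|dst=203.0.113.7|dport=81",
    r"dns|proc=chrome.exe|query=www.example.com",
    r"net|proc=chrome.exe|dst=198.51.100.5|dport=81",
    r"reg|proc=explorer.exe|path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive|data=C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
]

if __name__ == "__main__":
    for rule, line in scan(SAMPLE_EVENTS):
        print(f"{rule:28s} {line}")
```

The same indicator set can be fed a real Sysmon or EDR export once a parser for that format replaces parse_event; the matching logic is deliberately keyed on hostname, mutex, install path and Run value rather than on the resolved IP, because those survive the dynamic-DNS re-pointing that no-ip.biz exists to provide.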
Targets
Target: 120ad1ebc9ba660bb4219bb4d5a5c48f9a2b711337378bf29dad4ca4db0b5ffd
Size: 1.0MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above (this is the same file).

Signatures observed:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext

Reading the signatures together: the submitted file is an AutoIt-compiled wrapper rather than a bare DarkComet stub, and SetThreadContext is the API step commonly used to redirect execution of a suspended process or thread (process hollowing and similar injection), which is consistent with the wrapper dropping and running the DarkComet payload. The Run key and WinLogon modification are two independent persistence mechanisms, so remediation has to remove both, not only the MicroUpdate Run value named in the config.