General
Target: 8104866323.zip
Size: 350KB
Sample: 221005-lfazjseahm
MD5: af3fc5723787b6ae967a933afd6003c9
SHA1: 486989fcb543cdaeaa937a8360c40bb1d45c3cc5
SHA256: c27390d5060a6ed747ecb8cbde6273f6aaac188d6edd9bd0a6294717424be2ff
SHA512: 8f62b101f359754ade1bb5b7138457a8359528687dcfa0af1440a8b0d53a2c95193469d165b257e302fd49f3ef6ffeb84fb80ccd3e42f631d7d2d74956b48f5f
SSDEEP: 6144:NkjfZzhFalCqat6FMbBqQpNOH6OhEnAr8i34s6f85jzahfDtoI3FIeTsUrMvHFBE:NqHalJ8XpCdhtGkFz2fVSYsSM/FBE
Behavioral task: behavioral1
Sample: 003a042a75df5211952b5f4f9f9047a42c6ebb7ff42eaa1ecff2e46786dd45fb.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 003a042a75df5211952b5f4f9f9047a42c6ebb7ff42eaa1ecff2e46786dd45fb.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
darkcomet
Guest16_min
5.tcp.eu.ngrok.io:11769
DCMIN_MUTEX-DZFT8J7
InstallPath: DCSCMIN\IMDCSC.exe
gencode: Xi8GZDsVw7Em
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: 003a042a75df5211952b5f4f9f9047a42c6ebb7ff42eaa1ecff2e46786dd45fb
Size: 658KB
MD5: cabe1724c1a28ca8f3a7c3b8a7dcefc9
SHA1: ea05843bb47d8fbb44041a8d9118b91e2509f7fb
SHA256: 003a042a75df5211952b5f4f9f9047a42c6ebb7ff42eaa1ecff2e46786dd45fb
SHA512: 65b804cf5213c59ad2ab94873505b2ded673aaa44fde8eb3017a67ca89dee81ff44a6ccb4301e6fde319ca612cdd499346c1ab1d1e36a32e6778e5e88835705c
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hb:+Z1xuVVjfFoynPaVBUR8f+kN10EB1
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application