General
Target: 944ffe314b5646d086424ddc73157855aa47f93955aad19a774a9f79d574c45d
Size: 649KB
Sample: 221011-k98x1afgc7
MD5: 7cc43446a7c3b5b4d28f23b0d1173cc0
SHA1: 0f5ed1dad2915d5979b63548bad59065aac3e42a
SHA256: 944ffe314b5646d086424ddc73157855aa47f93955aad19a774a9f79d574c45d
SHA512: 2675d82cc6d5cb33846348caa9483e4a4dc8bd5e839ca5923d329e2f86091a635371d0547fcf786618a05577da8e085452f9999db73df9f38d61ca7c884266a3
SSDEEP: 12288:7k0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+s:w0QRWoJEfg0oChGdJQbjPbNW5tYeP+G5
Behavioral task: behavioral1
Sample: 944ffe314b5646d086424ddc73157855aa47f93955aad19a774a9f79d574c45d.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 944ffe314b5646d086424ddc73157855aa47f93955aad19a774a9f79d574c45d.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
Rat: bxf4.no-ip.biz:3074
DCMIN_MUTEX-JQ1P8KN
InstallPath: DCSCMIN\IMDCSC.exe
gencode: 0g1eJFgpg3x9
install: true
offline_keylogger: true
persistence: false
reg_key: Updates
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application