General
-
Target
53088007e7fc6b99d0360c11271a93c30ec0027702295510a2ff678bd6c23eae
-
Size
658KB
-
Sample
221011-k9kv6sfgb2
-
MD5
7c875df6ebb540e41e086be9d5974ca0
-
SHA1
33558cb8b6431cb52d6ff668972a73193c4e736f
-
SHA256
53088007e7fc6b99d0360c11271a93c30ec0027702295510a2ff678bd6c23eae
-
SHA512
5b80526affb94975208dcde9613d252cc704b279ec1d045e69a142569ada693a1e07b3ad84ae09b9002fc672fbfd50e119aedfff6604b02aa378d888f9aebd3a
-
SSDEEP
12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hj:KZ1xuVVjfFoynPaVBUR8f+kN10EBV
Behavioral task
behavioral1
Sample
53088007e7fc6b99d0360c11271a93c30ec0027702295510a2ff678bd6c23eae.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
SAM
test83.no-ip.org:81
DC_MUTEX-MZFNFBS
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
BCiSTmz7anRH
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-