General
-
Target
d3f43c6f76107610cf30b0ef751cd5743cd05bb42f182f5933ac58cf08e63090
-
Size
232KB
-
Sample
221011-lasx6sfge3
-
MD5
6518355730fc5451e1282980c71e2c20
-
SHA1
4279b8fd805980a202abefaf39cdc068f88a0570
-
SHA256
d3f43c6f76107610cf30b0ef751cd5743cd05bb42f182f5933ac58cf08e63090
-
SHA512
1cced1364496f8c4f7eaced73e53ee0ce941225b0f4827a4e7e5e4359cb38c32838bfd7312388c00ccfff48256b4ac49ac0c66d79c1ef15d48cd6c04edb2f21a
-
SSDEEP
6144:HjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMyDoS:DFy9bPQZlFjrG0ZmYbwvoS
Behavioral task
behavioral1
Sample
d3f43c6f76107610cf30b0ef751cd5743cd05bb42f182f5933ac58cf08e63090.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d3f43c6f76107610cf30b0ef751cd5743cd05bb42f182f5933ac58cf08e63090.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Guest16_min
aazzeezz.no-ip.biz:1604
DCMIN_MUTEX-ZL27BN5
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
WyaQPspYwvik
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
Target
d3f43c6f76107610cf30b0ef751cd5743cd05bb42f182f5933ac58cf08e63090
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-