General
-
Target
7ef2f20951e18b1710eb8635edbdd06c3a5d16239ff7c81e4eb4ef15361a29ea
-
Size
232KB
-
Sample
221011-latvgafge4
-
MD5
685621a76491b85b1f295cf4219bbfd1
-
SHA1
fdb44353834039f3b7d58557854e8cafed916568
-
SHA256
7ef2f20951e18b1710eb8635edbdd06c3a5d16239ff7c81e4eb4ef15361a29ea
-
SHA512
b326ecfb3cdd8856eb8f4805d23204d351cd7e0e32f91e32f1bb74c4a3f78f8d7a5ac4308f68faf80d53ed4fc9e9d0b7877097ee9e3c7b44b9dee1992f57efc2
-
SSDEEP
6144:KjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwM3oS:qFy9bPQZlFjrG0ZmYbwOoS
Behavioral task
behavioral1
Sample
7ef2f20951e18b1710eb8635edbdd06c3a5d16239ff7c81e4eb4ef15361a29ea.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
sadasda
myloveforyou.no-ip.org:80
DCMIN_MUTEX-2RDC30X
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
zECfLsl3sXpx
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
7ef2f20951e18b1710eb8635edbdd06c3a5d16239ff7c81e4eb4ef15361a29ea
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-