General
Target: 844d33b194e5882d9bb2525b80c8fc33bd7f90bc57eb57f505955367c87b443d
Size: 251KB
Sample: 221014-l21r4aade2
MD5: 6d89f17a93725147c6f613ff4efcb340
SHA1: d66e284e78c103aaa5829b581c8b348486a4b8e3
SHA256: 844d33b194e5882d9bb2525b80c8fc33bd7f90bc57eb57f505955367c87b443d
SHA512: 5e30d4707d489fb21a42b1c93238e4ad99cf372f15041b2bb1da312111f3565aa390be2e77e02e1485ff48492e33da57988d663625265b3762a464db467a169c
SSDEEP: 6144:ccNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL377:ccW7KEZlPzCy377
Behavioral task
Task: behavioral1
Sample: 844d33b194e5882d9bb2525b80c8fc33bd7f90bc57eb57f505955367c87b443d.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: darkcomet
Botnet: not a rat
C2: konedriver.zapto.org:3333
Mutex: DC_MUTEX-Y5E8LB3
Attributes
InstallPath: MSDCSC\msdcsc.exe
gencode: xWrcEfHfZmbo
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate (value name written under the Run key)
Targets
Target: 844d33b194e5882d9bb2525b80c8fc33bd7f90bc57eb57f505955367c87b443d (251KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Adds Run key to start application
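The extracted configuration and the persistence signatures above map directly onto host and network indicators a responder can hunt for. As an added example (not part of this Triage report), the following Python script normalises the listed config values into indicators and runs simple rules over a handful of constructed Sysmon-style events. The indicator values are the report's; the event field names, the sample events and the rule names are this example's own assumptions.

```python
import re

# Indicator values are the ones the report lists under "Malware Config";
# the dictionary key names are this example's own.
EXTRACTED_CONFIG = {
    "c2": "konedriver.zapto.org:3333",
    "mutex": "DC_MUTEX-Y5E8LB3",
    "install_path": r"MSDCSC\msdcsc.exe",
    "run_value_name": "MicroUpdate",
}

# Stock Winlogon Userinit entry on a default Windows install (lower-cased).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def indicators_from_config(cfg):
    """Normalise the extracted config into comparable indicator values."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],  # for live handle checks; not an event field here
        "install_path_suffix": "\\" + cfg["install_path"].lower(),
        "run_value_name": cfg["run_value_name"].lower(),
    }


def _winlogon_userinit_tampered(event):
    """True when the Userinit value lists anything beyond stock userinit.exe."""
    if not event["target"].lower().endswith(r"\winlogon\userinit"):
        return False
    entries = [e.strip().lower() for e in event["details"].split(",") if e.strip()]
    return any(e != DEFAULT_USERINIT for e in entries)


def detect(events, ioc):
    """Run the rules over a list of event dicts; return (rule, event index) hits."""
    run_pattern = re.compile(r"\\currentversion\\run\\" + re.escape(ioc["run_value_name"]) + r"$")
    hits = []
    for i, ev in enumerate(events):
        kind = ev["event"]
        if kind == "RegistryValueSet":
            if _winlogon_userinit_tampered(ev):
                hits.append(("winlogon_userinit_persistence", i))
            if run_pattern.search(ev["target"].lower()):
                hits.append(("run_key_from_config", i))
        elif kind == "ProcessCreate":
            if ev["image"].lower().endswith(ioc["install_path_suffix"]):
                hits.append(("dropped_exe_executed", i))
        elif kind == "NetworkConnect":
            if ev["dest_host"].lower() == ioc["c2_host"] and ev["dest_port"] == ioc["c2_port"]:
                hits.append(("c2_connection", i))
    return hits


# Constructed Sysmon-style events for the demo (not taken from the sandbox run).
SAMPLE_EVENTS = [
    {"event": "RegistryValueSet",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"event": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "details": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"event": "ProcessCreate",
     "image": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"event": "NetworkConnect", "dest_host": "konedriver.zapto.org", "dest_port": 3333},
    # Benign events that must not fire.
    {"event": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"event": "NetworkConnect", "dest_host": "konedriver.zapto.org", "dest_port": 443},
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS, indicators_from_config(EXTRACTED_CONFIG)):
        print(f"{rule}: event #{idx} {SAMPLE_EVENTS[idx]}")
```

The Winlogon rule deliberately fires on any non-default Userinit entry rather than only on this sample's path, since the same technique is reused with different drop locations; the Run-key, process and C2 rules are keyed to the extracted values and would be regenerated per sample.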