General
-
Target
245c324dc606d05bd556cbd65e18237cad79e82206fa080959ccced5a8082651
-
Size
232KB
-
Sample
221014-l22dmaade3
-
MD5
4476168a370bc5887b21c0fa4c0c6d90
-
SHA1
55bdc22e3dc6a7843a8d2f6f9af426ee5ee0a8e3
-
SHA256
245c324dc606d05bd556cbd65e18237cad79e82206fa080959ccced5a8082651
-
SHA512
40d53217eb9ac2cc664b58e006a26d562f4fbb4b0851d0f646dd6f34b63451eebe23eab818b8e1f6bbbc4a2078f173bea5d11ac8f32d308a458e74c8bb0559d0
-
SSDEEP
6144:JjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMToS:VFy9bPQZlFjrG0ZmYbwSoS
Behavioral task
behavioral1
Sample
245c324dc606d05bd556cbd65e18237cad79e82206fa080959ccced5a8082651.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
245c324dc606d05bd556cbd65e18237cad79e82206fa080959ccced5a8082651.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Guest16_min
85.151.77.135:2042
DCMIN_MUTEX-JXAL8YV
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
rv8TypgSw9eL
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Google
Targets
-
-
Target
245c324dc606d05bd556cbd65e18237cad79e82206fa080959ccced5a8082651
-
Size
232KB
-
MD5
4476168a370bc5887b21c0fa4c0c6d90
-
SHA1
55bdc22e3dc6a7843a8d2f6f9af426ee5ee0a8e3
-
SHA256
245c324dc606d05bd556cbd65e18237cad79e82206fa080959ccced5a8082651
-
SHA512
40d53217eb9ac2cc664b58e006a26d562f4fbb4b0851d0f646dd6f34b63451eebe23eab818b8e1f6bbbc4a2078f173bea5d11ac8f32d308a458e74c8bb0559d0
-
SSDEEP
6144:JjFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMToS:VFy9bPQZlFjrG0ZmYbwSoS
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-