General
-
Target
ef7cf32c862faf37438a4498376c8949f8b40f14c09b97a4180baa4cde3b5d83
-
Size
232KB
-
Sample
221014-l2xqfaadd7
-
MD5
72a69812baa0e85ea8946cc8ae39f230
-
SHA1
53143da9081700f63da56db304367700cab880ee
-
SHA256
ef7cf32c862faf37438a4498376c8949f8b40f14c09b97a4180baa4cde3b5d83
-
SHA512
ff9d8dfe88902db7063db62705cb9c6215896c64b7671e35cea2d38bf6166150eac1bf704a1b7aa4d99bf416252f92f1aa09ae6292f53386bdf83249b8abd073
-
SSDEEP
6144:ijFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMwXtIoS:iFy9bPQZlFjrG0ZmYbwlXtIoS
Behavioral task
behavioral1
Sample
ef7cf32c862faf37438a4498376c8949f8b40f14c09b97a4180baa4cde3b5d83.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ef7cf32c862faf37438a4498376c8949f8b40f14c09b97a4180baa4cde3b5d83.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:1604
DCMIN_MUTEX-C0HKP9Q
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
TEe1dY1p2nrS
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
exasoft
Targets
-
-
Target
ef7cf32c862faf37438a4498376c8949f8b40f14c09b97a4180baa4cde3b5d83
-
Size
232KB
-
MD5
72a69812baa0e85ea8946cc8ae39f230
-
SHA1
53143da9081700f63da56db304367700cab880ee
-
SHA256
ef7cf32c862faf37438a4498376c8949f8b40f14c09b97a4180baa4cde3b5d83
-
SHA512
ff9d8dfe88902db7063db62705cb9c6215896c64b7671e35cea2d38bf6166150eac1bf704a1b7aa4d99bf416252f92f1aa09ae6292f53386bdf83249b8abd073
-
SSDEEP
6144:ijFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMwXtIoS:iFy9bPQZlFjrG0ZmYbwlXtIoS
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-