General
Target: 83a7f5dff75191313645cf4b5826b8f5e70cfae04b9cdc37f12ee94dfa714c13
Size: 896KB
Sample: 221014-l549paaeg6
MD5: 465cd7d12a6d172b5e63fb3d73dfeeee
SHA1: 2c2e806aee3159acfd50060c4480967dc4ea9ef9
SHA256: 83a7f5dff75191313645cf4b5826b8f5e70cfae04b9cdc37f12ee94dfa714c13
SHA512: 5eee4992caf7c3405f93b86ab5fadd2dcdaa59d2360f4cfe43a1d64c5241b978ec7d0205a68ab0f7f6cc2084226ec4b695e711608a10b585daccb792ad6b3977
SSDEEP: 24576:9m22dzbkoGp0bfLpE5/MccfwuwpnrgQaL:02ikCwnJ
Static task: static1
Behavioral task: behavioral1
Sample: 83a7f5dff75191313645cf4b5826b8f5e70cfae04b9cdc37f12ee94dfa714c13.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
r3dz80.no-ip.biz:1604
DC_MUTEX-BLY4NYD
InstallPath: MSC\mscsc.exe
gencode: CpD5oSVX2oqz
install: true
offline_keylogger: true
persistence: false
reg_key: pdate
Targets
Target: 83a7f5dff75191313645cf4b5826b8f5e70cfae04b9cdc37f12ee94dfa714c13
Size: 896KB
MD5: 465cd7d12a6d172b5e63fb3d73dfeeee
SHA1: 2c2e806aee3159acfd50060c4480967dc4ea9ef9
SHA256: 83a7f5dff75191313645cf4b5826b8f5e70cfae04b9cdc37f12ee94dfa714c13
SHA512: 5eee4992caf7c3405f93b86ab5fadd2dcdaa59d2360f4cfe43a1d64c5241b978ec7d0205a68ab0f7f6cc2084226ec4b695e711608a10b585daccb792ad6b3977
SSDEEP: 24576:9m22dzbkoGp0bfLpE5/MccfwuwpnrgQaL:02ikCwnJ
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext