General
- Target: cfcec6c8cf70f706967aa83596fa301a86685059869e6d5183cd1a6ebd8ef429
- Size: 28.3MB
- Sample: 221017-3hhkvadhbl
- MD5: 668c94eba455cc5ff70d132c321418ec
- SHA1: 02b9bc9efda3e7d1269a3c6d9dbcb04691a0416c
- SHA256: cfcec6c8cf70f706967aa83596fa301a86685059869e6d5183cd1a6ebd8ef429
- SHA512: 4802bdf6cce94b4fd065affc5ff9470cf9a9892a2963df2567a28390ba3603456173f2571a3ae39ce08dc26b059cea5b2ea35865f732c24230059dbd0582185a
- SSDEEP: 786432:m5NgWSIq8kjHIVkNXqp5jIqsL9wMkuhVGxxGM+LePAREz+UNK/:mvp9GHIVkNap5jFC+Mkuh+GJLexTi
Behavioral task
- behavioral1
  - Sample: cfcec6c8cf70f706967aa83596fa301a86685059869e6d5183cd1a6ebd8ef429.exe
  - Resource: win7-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Botnet / campaign ID: Sazan
- C2: 46.1.103.13:1604
- Mutex: DC_MUTEX-LFFAWM6
- Attributes:
  - InstallPath: MSDCSC\msdcsc.exe
  - gencode: 8mlW7yUboqwX
  - install: true
  - offline_keylogger: true
  - persistence: true
  - reg_key: MicroUpdate
Targets
Signatures
- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
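The extracted configuration and the signature list give enough to hunt for this sample on other hosts: the Run key name, the install path, the Winlogon change and the C2 endpoint are all host- or network-observable. The following Python script is an added example, not part of the report and not the sandbox's own tooling. It derives indicators from the config values listed above and runs them over a handful of constructed Sysmon-style events (the event dicts and their field names mirror Sysmon's EventID 3, 11 and 13 fields, and the events themselves are made up for this example). Two assumptions: the "Modifies WinLogon" behaviour is treated as an edit of the Winlogon Userinit value, which the report does not name, and mutex names are taken from an EDR or sandbox field (`MutexName`), since Sysmon does not record mutex creation.

```python
"""Hunt the indicators from this DarkComet report in Sysmon-style events (added example)."""
import re

# Indicators copied from the report's extracted config (Malware Config above).
CONFIG = {
    "c2": "46.1.103.13:1604",
    "mutex": "DC_MUTEX-LFFAWM6",
    "install_path": r"MSDCSC\msdcsc.exe",  # relative; the base directory varies per host
    "reg_key": "MicroUpdate",
}

RUN_VALUE_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.I)
# Assumption: the Winlogon persistence is an edit of the Userinit value; the report
# does not say which value is modified, so adjust this if your telemetry differs.
USERINIT_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit$", re.I)


def derive_indicators(cfg=CONFIG):
    """Turn the extracted config into matchable, case-normalised indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        # Match on the path suffix so any drop directory is caught.
        "install_suffix": "\\" + cfg["install_path"].lower(),
        "reg_key": cfg["reg_key"].lower(),
        "mutex": cfg["mutex"],
    }


def match_event(ev, ind):
    """Return the indicator names one event matches (empty list if none)."""
    hits = []
    # Mutex creation is not a Sysmon event; EDRs and sandboxes report it (assumed field name).
    if ev.get("MutexName") == ind["mutex"]:
        hits.append("mutex")
    eid = ev.get("EventID")
    if eid == 13:  # RegistryEvent (Value Set)
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "").lower()
        m = RUN_VALUE_RE.search(target)
        if m and (m.group("name").lower() == ind["reg_key"]
                  or details.endswith(ind["install_suffix"])):
            hits.append("run_key")
        if USERINIT_RE.search(target) and ind["install_suffix"] in details:
            hits.append("winlogon_userinit")
    elif eid == 11:  # FileCreate
        if ev.get("TargetFilename", "").lower().endswith(ind["install_suffix"]):
            hits.append("dropped_install_path")
    elif eid == 3:  # NetworkConnect
        if (ev.get("DestinationIp"), ev.get("DestinationPort")) == (ind["c2_host"], ind["c2_port"]):
            hits.append("c2_connect")
    return hits


def hunt(events, cfg=CONFIG):
    """Return (event index, indicator name) pairs for every match in the event stream."""
    ind = derive_indicators(cfg)
    return [(i, name) for i, ev in enumerate(events) for name in match_event(ev, ind)]


# Constructed sample telemetry for this example; not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "Details": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"EventID": 11, "TargetFilename": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"EventID": 3, "DestinationIp": "46.1.103.13", "DestinationPort": 1604},
    {"MutexName": "DC_MUTEX-LFFAWM6"},
    {"EventID": 3, "DestinationIp": "93.184.216.34", "DestinationPort": 443},  # benign
    {"EventID": 13,  # benign Run value
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for index, name in hunt(SAMPLE_EVENTS):
        print(f"event {index}: {name}")
```

Feed `hunt()` real Sysmon events (for example, parsed from `Get-WinEvent` JSON) with the same field names; the Run-key check fires on either the value name or a value pointing at the install path, so a renamed key still trips on the dropped file location.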