General
-
Target
eb2558f1d6f10f2731bd6fad365072708dfb5a7aa8f5df509205230678b419a0
-
Size
658KB
-
Sample
221018-yrczhaeaek
-
MD5
81bda7575d642a04b6f292f00084f4e9
-
SHA1
4c86d49c57459f59df22e300d74e2e63ac7b4f76
-
SHA256
eb2558f1d6f10f2731bd6fad365072708dfb5a7aa8f5df509205230678b419a0
-
SHA512
390375c1deb1277a6b1f12ee2ab0a73d7eccc322ef3d2b5a8cca89a42ec7b68f203c1107b99b3c6fcfe2c23b0019694f0ac3d878e237c198bc17184a22f22c89
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:eZ1xuVVjfFoynPaVBUR8f+kN10EBp
Behavioral task
behavioral1
Sample
eb2558f1d6f10f2731bd6fad365072708dfb5a7aa8f5df509205230678b419a0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
eb2558f1d6f10f2731bd6fad365072708dfb5a7aa8f5df509205230678b419a0.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
Guest16_min
xmarvel.ddns.net:1604
DCMIN_MUTEX-YU7TUH7
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
XKwYeofo54nG
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
eb2558f1d6f10f2731bd6fad365072708dfb5a7aa8f5df509205230678b419a0
-
Size
658KB
-
MD5
81bda7575d642a04b6f292f00084f4e9
-
SHA1
4c86d49c57459f59df22e300d74e2e63ac7b4f76
-
SHA256
eb2558f1d6f10f2731bd6fad365072708dfb5a7aa8f5df509205230678b419a0
-
SHA512
390375c1deb1277a6b1f12ee2ab0a73d7eccc322ef3d2b5a8cca89a42ec7b68f203c1107b99b3c6fcfe2c23b0019694f0ac3d878e237c198bc17184a22f22c89
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:eZ1xuVVjfFoynPaVBUR8f+kN10EBp
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-