General

Target: 73078c58d3aef5c83895fb292b022f1f231316086ff36738b7544d53de6d2069
Size: 1.1MB
Sample: 221019-2hdffsbdgk
MD5: 91ee0282e9f410dd9252c1ad587754c0
SHA1: 5f4583af94866be0c47660648f886f13dc362166
SHA256: 73078c58d3aef5c83895fb292b022f1f231316086ff36738b7544d53de6d2069
SHA512: cb9ecb97c77a9ffc02ff165ff2f9fd94192d47622c9b0b085929d4e4c87c64909c3a241092430329f0b72037f4239ad67c302f4b6709025db1df4b85303cfc43
SSDEEP: 24576:nTSwSWCpF7YXvPWLuXS/2457DUsOqdGXmh4ACL:nTSwSnppYfPw/pS5O2
Static task: static1
Behavioral task: behavioral1
Sample: 73078c58d3aef5c83895fb292b022f1f231316086ff36738b7544d53de6d2069.exe
Resource: win7-20220812-en
Malware Config

Extracted family: darkcomet
Campaign ID: OrjiFresh
C2: 192.111.149.142:200
Mutex: DC_MUTEX-EHWJ94V
InstallPath: MSDCSC\msdcsc.exe
gencode: seU988lBxdRw
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 73078c58d3aef5c83895fb292b022f1f231316086ff36738b7544d53de6d2069 (1.1MB; MD5, SHA1, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext