General
Target: 6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8
Size: 907KB
Sample: 221019-2j9v2sbedn
MD5: 913b54db947f67d94d58823418f74aa0
SHA1: 066eceedbc3174bcc93fdab828de31969744c4d4
SHA256: 6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8
SHA512: 501145d4af6678c12143dc8a00f2a705a1393c52f792fb815da194558cdc301f8fefeab70236410851e29f9156d690a5218d2865295d2a18b4a4ebcafe7a6b57
SSDEEP: 24576:VtxKCO6Bwy1yO9QTyFjqAaP+vg0iSx3J1z:Vtxr6O8yjQP+PHrz
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: hellohamid.no-ip.org:1604
Mutex: DC_MUTEX-JAYYFG0
Attributes:
  InstallPath: MSDCSC\msdcsc.exe
  gencode: qfXdGq48XLNR
  install: true
  offline_keylogger: true
  persistence: true
  reg_key: MicroUpdate
Targets
Target: 6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8
Size: 907KB
MD5: 913b54db947f67d94d58823418f74aa0
SHA1: 066eceedbc3174bcc93fdab828de31969744c4d4
SHA256: 6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8
SHA512: 501145d4af6678c12143dc8a00f2a705a1393c52f792fb815da194558cdc301f8fefeab70236410851e29f9156d690a5218d2865295d2a18b4a4ebcafe7a6b57
SSDEEP: 24576:VtxKCO6Bwy1yO9QTyFjqAaP+vg0iSx3J1z:Vtxr6O8yjQP+PHrz
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application