General
Target: 543394da5acf56888658750e042d9131faf12f02bb7818fbb342e257ab8882c2
Size: 541KB
Sample: 221019-2tta2sbhhj
MD5: 8289386cad8460ee2d0df5cb19c61e70
SHA1: 87477deed0def74b695f9f3d95e403ecfa4a78d1
SHA256: 543394da5acf56888658750e042d9131faf12f02bb7818fbb342e257ab8882c2
SHA512: 45775e66a586660c1284a53266fbd287fa4440926d84b6bf1f9ba5d9c68744e8e6d7d514eb6682667da6ce72c8e794122321ca1bdf8cc1f329d26fa814cef931
SSDEEP: 12288:+r6ZCnsmTcLYHuBQq191YaltymewkwWoOVU8bdyy:+WZChhHQV91hpBWo8b
Static task: static1
Behavioral task: behavioral1
Sample: 543394da5acf56888658750e042d9131faf12f02bb7818fbb342e257ab8882c2.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: apexdc
C2: worm-core.serveftp.com:1604
Mutex: DC_MUTEX-WJ05YVG
InstallPath: MSDCSC\msdcsc.exe
gencode: iXpSTCMphowF
install: true
offline_keylogger: true
persistence: true
reg_key: Windows Update
Targets
Target: 543394da5acf56888658750e042d9131faf12f02bb7818fbb342e257ab8882c2
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Adds Run key to start application
- Suspicious use of SetThreadContext
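To turn the extracted config and the signature list above into something a responder can run, here is an added example (it is not code from the sandbox report or from the Triage project) in Python. It derives match rules from the C2, mutex, install path and Run value name in the config, adds the registry locations behind the "Adds Run key", "Modifies WinLogon for persistence" and "Modifies firewall policy service" signatures, and runs them over constructed Sysmon-style event records. The event dictionaries, their field names and the file paths in them are assumptions made for the demonstration; only the config values come from the page. The DC_MUTEX- pattern check generalises beyond this one sample to the well-known DarkComet default mutex shape.

```python
"""Derive indicators from the DarkComet config extracted above and match
them against Sysmon-style telemetry.

Added example, not code from the sandbox report. The event records below
are constructed for illustration; only the CONFIG values come from the page.
"""
import re

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "c2": "worm-core.serveftp.com:1604",
    "mutex": "DC_MUTEX-WJ05YVG",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "Windows Update",
}

# Registry locations behind the report's "Adds Run key", "Modifies WinLogon"
# and "Modifies firewall policy service" signatures. Keys are matched on the
# full Sysmon-style TargetObject path (hive\...\key\valuename).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.I)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.I)
FIREWALL_RE = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
# Family-level check: the DC_MUTEX- prefix is the well-known DarkComet default.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")


def indicators(cfg=CONFIG):
    """Split the raw config into the fields the rules below key on."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "install_path": cfg["install_path"].lower(),
        "run_value_name": cfg["reg_key"].lower(),
    }


def match_event(event, ioc=None):
    """Return the list of indicator names an event matches (empty if none).

    Event shape (assumed, Sysmon-like): {"type": "network_connect" |
    "mutex_create" | "registry_set", ...} with the fields used below.
    """
    ioc = ioc or indicators()
    hits = []
    kind = event.get("type")
    if kind == "network_connect":
        if (event.get("dest_host", "").lower() == ioc["c2_host"]
                and int(event.get("dest_port", 0)) == ioc["c2_port"]):
            hits.append("c2")
    elif kind == "mutex_create":
        name = event.get("name", "")
        if name == ioc["mutex"]:
            hits.append("mutex_exact")
        elif DC_MUTEX_RE.match(name):
            hits.append("mutex_darkcomet_pattern")
    elif kind == "registry_set":
        key = event.get("key", "")
        data = event.get("data", "").lower()
        m = RUN_KEY_RE.search(key)
        if m and m.group("name").lower() == ioc["run_value_name"]:
            hits.append("run_key_name")
        if WINLOGON_RE.search(key) and ioc["install_path"] in data:
            hits.append("winlogon_persistence")
        if FIREWALL_RE.search(key) and (
                ioc["install_path"] in data or ioc["install_path"] in key.lower()):
            hits.append("firewall_policy")
        if ioc["install_path"] in data:
            hits.append("install_path")
    return hits


def triage(events, ioc=None):
    """Score a batch of events. Sample-specific hits (C2 host:port, exact
    mutex) are 'confirmed'; config-derived host artefacts alone are only
    'suspicious', since a Run value named "Windows Update" is not unique."""
    ioc = ioc or indicators()
    findings = [(i, match_event(e, ioc)) for i, e in enumerate(events)]
    findings = [(i, h) for i, h in findings if h]
    names = {n for _, h in findings for n in h}
    if names & {"c2", "mutex_exact"}:
        verdict = "confirmed"
    elif names:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": findings}


# Constructed telemetry for the demonstration; paths and order are made up.
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update",
     "data": r"C:\Users\bob\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\bob\Documents\MSDCSC\msdcsc.exe,"},
    {"type": "registry_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\bob\Documents\MSDCSC\msdcsc.exe",
     "data": r"C:\Users\bob\Documents\MSDCSC\msdcsc.exe:*:Enabled:msdcsc"},
    {"type": "mutex_create", "name": "DC_MUTEX-WJ05YVG"},
    {"type": "network_connect", "dest_host": "worm-core.serveftp.com", "dest_port": 1604},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS)["findings"]:
        print(idx, SAMPLE_EVENTS[idx]["type"], hits)
    print("verdict:", triage(SAMPLE_EVENTS)["verdict"])
```

The split between "confirmed" and "suspicious" is deliberate: the C2 host:port and the exact mutex identify this build, whereas the Run value name and the MSDCSC\msdcsc.exe path are operator-chosen and shared across DarkComet builds, so on their own they justify a closer look rather than a verdict. Feed real Sysmon events (IDs 3, 13 and, for mutexes, a sandbox or EDR source) through `match_event` after mapping their fields onto the assumed shape.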