General
Target: fc19e6c67c655198981e72ec366a1ec7ef1e6898989763a9a5b64e0fa9d12575
Size: 1003KB
Sample: 221019-z1m2haghe6
MD5: 91b53ce7219a69a4e49086fad526e215
SHA1: ef6f20371b97c8e85b713dc57b71b2347409ca87
SHA256: fc19e6c67c655198981e72ec366a1ec7ef1e6898989763a9a5b64e0fa9d12575
SHA512: 9ecb6a71f511ec91b702e9f03e17cf04f2ebb1a243a72f0cf1b7e33515f233a4bb415120a3c2400f5579e8795fa9f85af58c06662e7bf77b68426cf380313eb4
SSDEEP: 24576:9KVwEGQXIi+Bp6YEDv4AjdGLXtHiL3qSX:IVwE3x+r6YK4AjdGRHat
Static task: static1

Behavioral task: behavioral1
Sample: fc19e6c67c655198981e72ec366a1ec7ef1e6898989763a9a5b64e0fa9d12575.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: fc19e6c67c655198981e72ec366a1ec7ef1e6898989763a9a5b64e0fa9d12575.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Guest16_min
C2: sameg.no-ip.biz:1604
Mutex: DCMIN_MUTEX-HPKNNKB
InstallPath: DCSCMIN\IMDCSC.exe
gencode: FLtyyRlznqpT
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: fc19e6c67c655198981e72ec366a1ec7ef1e6898989763a9a5b64e0fa9d12575
Size: 1003KB
MD5: 91b53ce7219a69a4e49086fad526e215
SHA1: ef6f20371b97c8e85b713dc57b71b2347409ca87
SHA256: fc19e6c67c655198981e72ec366a1ec7ef1e6898989763a9a5b64e0fa9d12575
SHA512: 9ecb6a71f511ec91b702e9f03e17cf04f2ebb1a243a72f0cf1b7e33515f233a4bb415120a3c2400f5579e8795fa9f85af58c06662e7bf77b68426cf380313eb4
SSDEEP: 24576:9KVwEGQXIi+Bp6YEDv4AjdGLXtHiL3qSX:IVwE3x+r6YK4AjdGRHat
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger