General
-
Target
ca582eb808454d1cde38c8b2f774edb3c73241b37e95ad369afaea95ca83e7fa
-
Size
690KB
-
Sample
221020-lwsjjageb9
-
MD5
80267c15810275b30d9c5d1f2bd57fa4
-
SHA1
124b3dd84f4eb5b0ddfe679c832d83b6b75d73ff
-
SHA256
ca582eb808454d1cde38c8b2f774edb3c73241b37e95ad369afaea95ca83e7fa
-
SHA512
65ebc3e2b945b173b3fbe4e7c69ca291e8d574cce0c80a3fa8caef997a80ef98cc919335823bc90a053bf42a70f2ba9cee83a9d77f4948d9262d90019729b2c3
-
SSDEEP
12288:59HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hzW:DZ1xuVVjfFoynPaVBUR8f+kN10EBk
Behavioral task
behavioral1
Sample
ca582eb808454d1cde38c8b2f774edb3c73241b37e95ad369afaea95ca83e7fa.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
victime
mysteranonymous.zapto.org:1604
DC_MUTEX-TU1DCJY
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
uzgErSzmfQYY
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
ca582eb808454d1cde38c8b2f774edb3c73241b37e95ad369afaea95ca83e7fa
-
Size
690KB
-
MD5
80267c15810275b30d9c5d1f2bd57fa4
-
SHA1
124b3dd84f4eb5b0ddfe679c832d83b6b75d73ff
-
SHA256
ca582eb808454d1cde38c8b2f774edb3c73241b37e95ad369afaea95ca83e7fa
-
SHA512
65ebc3e2b945b173b3fbe4e7c69ca291e8d574cce0c80a3fa8caef997a80ef98cc919335823bc90a053bf42a70f2ba9cee83a9d77f4948d9262d90019729b2c3
-
SSDEEP
12288:59HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hzW:DZ1xuVVjfFoynPaVBUR8f+kN10EBk
-
Modifies WinLogon for persistence
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-