General
Target: 98f8775972ce2b704de74a952c53101a4d42f777ba1214db227985adcf12c934
Size: 908KB
Sample: 221021-wzvs6saac8
MD5: 117f5f5a40175e5b63b937fa63645ca5
SHA1: 715119d908b7101e9797166e6f5d1438e2a51df2
SHA256: 98f8775972ce2b704de74a952c53101a4d42f777ba1214db227985adcf12c934
SHA512: 3d08e067ab0f6ff730bd5cdcbf6a3b20a546a8b401abbe23b059f810e3f82aed208908673d552774482ac93f9c3373ccb4fca97b5e99afd78ef8f6800ea3fe61
SSDEEP: 24576:k5Xf3yEvbZQGACw+RtY/+TVJIsK/BJt977B:CXfyEvqYY+ToX977B
Static task: static1
Behavioral task: behavioral1
Sample: 98f8775972ce2b704de74a952c53101a4d42f777ba1214db227985adcf12c934.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Test1
C2: jordanshaw.no-ip.biz:23712
Mutex: DC_MUTEX-EZPTVK1
InstallPath: MSDCSC\msdcsc.exe
gencode: tgPdxeA573G3
install: true
offline_keylogger: true
persistence: true
reg_key: Rundll32
Targets
Target: 98f8775972ce2b704de74a952c53101a4d42f777ba1214db227985adcf12c934
Signatures:
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Adds Run key to start application
- Suspicious use of SetThreadContext