General

Target: ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e
Size: 658KB
Sample: 221029-3rrvwacbb4
MD5: 840b5eeea3176f01d5852f76e769c5f6
SHA1: 5c0a4613ecc7a354cf53cde8643861b58bf737a4
SHA256: ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e
SHA512: 6aeda1c472ff8bd3b12cf7e3b48620914353607aa0883b984a4b4044910f2034738be68cc2d677f3ea3a2776ae3ad48e843c3942400cc33af8c899f93885ad92
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hP:+Z1xuVVjfFoynPaVBUR8f+kN10EBh
Behavioral task: behavioral1
Sample: ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: darkcomet
Botnet ID: 1
C2: c0k3.no-ip.org:1604
Mutex: DC_MUTEX-8H85MRV
InstallPath: MSDCSC\msdcsc.exe
gencode: ZXqyaXHT9LjV
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

The C2 is a dynamic-DNS (no-ip.org) hostname on 1604, DarkComet's default listener port. The DC_MUTEX- prefix, the MSDCSC\msdcsc.exe install path and the MicroUpdate Run value name are all DarkComet builder defaults, so they identify the family rather than this operator; the hostname, the mutex suffix and the gencode are what is specific to this build. install/persistence true means the sample copies itself to the InstallPath and keeps that copy in place, and offline_keylogger true means keystrokes are logged locally even while the C2 is unreachable.
Targets

Target: ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e
Score: 10/10

- Modifies WinLogon for persistence
- Executes dropped EXE (the copy written to the configured InstallPath, MSDCSC\msdcsc.exe)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application (the MicroUpdate value named by reg_key in the config)
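The config and signature lines above give enough host and network indicators to hunt this sample in endpoint telemetry. The Python below is an added example, not part of the sandbox report: it matches those indicators (the MicroUpdate Run value, a Winlogon change that points at MSDCSC\msdcsc.exe, the msdcsc.exe process, a DNS query for c0k3.no-ip.org, and connections to port 1604 from the implant) against Sysmon-style events serialised as key=value lines. The event lines are constructed, the Winlogon\Userinit value is an assumption (the report says only that Winlogon is modified), and the mutex is not checked because Sysmon does not record mutex creation.

```python
"""Flag the DarkComet indicators from this report in Sysmon-style events.

Added example, not part of the sandbox report. The event lines are constructed,
not captured telemetry, and the key=value layout is a stand-in for however your
pipeline serialises Sysmon fields.
"""
import re
from collections import Counter

# Indicators copied from the extracted config and signatures in the report.
C2_HOST = "c0k3.no-ip.org"
C2_PORT = "1604"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"
RUN_KEY_NAME = "MicroUpdate"
SAMPLE_SHA256 = "ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e"
# Assumption: the report only says Winlogon is modified; Userinit is the
# Winlogon value the constructed event uses.
WINLOGON_VALUE = r"\winlogon\userinit"

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Parse 'key=value key="quoted value"' into a dict (values keep their case)."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def match_event(ev: dict) -> list:
    """Return the names of every indicator the event matches (empty if benign)."""
    hits = []
    eid = ev.get("EventID")
    target = ev.get("TargetObject", "").lower()
    details = ev.get("Details", "").lower()
    image = ev.get("Image", "").lower()
    install = INSTALL_PATH.lower()

    if eid == "1":  # process creation
        if install in image:
            hits.append("dropped_exe_executed")
        if SAMPLE_SHA256 in ev.get("Hashes", "").lower():
            hits.append("sample_sha256")
    elif eid == "13":  # registry value set
        if target.endswith("\\currentversion\\run\\" + RUN_KEY_NAME.lower()):
            hits.append("run_key_microupdate")
        if target.endswith(WINLOGON_VALUE) and install in details:
            hits.append("winlogon_persistence")
    elif eid == "22":  # DNS query
        if ev.get("QueryName", "").lower() == C2_HOST:
            hits.append("dns_c2_host")
    elif eid == "3":  # network connection
        if ev.get("DestinationPort") == C2_PORT and install in image:
            hits.append("c2_port_from_implant")
    return hits


def scan(lines) -> list:
    """Return (line_index, hits) for every line that matched at least one indicator."""
    out = []
    for i, line in enumerate(lines):
        hits = match_event(parse_event(line))
        if hits:
            out.append((i, hits))
    return out


def summarize(lines) -> Counter:
    """Count how often each indicator fired across all lines."""
    return Counter(h for _, hits in scan(lines) for h in hits)


# Constructed sample events (not real telemetry); 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    # 0: the original sample runs (process create carrying its SHA256)
    r'EventID=1 Image="C:\Users\victim\Downloads\ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e.exe" '
    r'Hashes=SHA256=ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e',
    # 1: the dropped copy executes from the configured InstallPath
    r'EventID=1 Image="C:\Users\victim\Documents\MSDCSC\msdcsc.exe" '
    r'ParentImage="C:\Users\victim\Downloads\ab1477722843a045b21dd70fa847f760e82e2cc9750a6947dbda59fd9c7cdc3e.exe"',
    # 2: Run value named after reg_key
    r'EventID=13 TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate '
    r'Details="C:\Users\victim\Documents\MSDCSC\msdcsc.exe"',
    # 3: Winlogon modified to also launch the implant (Userinit value assumed)
    r'EventID=13 TargetObject="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" '
    r'Details="C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe"',
    # 4: DNS lookup of the C2 hostname
    r'EventID=22 Image="C:\Users\victim\Documents\MSDCSC\msdcsc.exe" QueryName=c0k3.no-ip.org',
    # 5: outbound connection to the C2 port from the implant
    r'EventID=3 Image="C:\Users\victim\Documents\MSDCSC\msdcsc.exe" DestinationIp=203.0.113.10 DestinationPort=1604',
    # 6-8: benign noise that must not match
    r'EventID=13 TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive '
    r'Details="C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"',
    r'EventID=22 Image="C:\Program Files\Google\Chrome\Application\chrome.exe" QueryName=www.microsoft.com',
    r'EventID=3 Image="C:\Program Files\Google\Chrome\Application\chrome.exe" DestinationIp=203.0.113.20 DestinationPort=443',
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(idx, ", ".join(hits))
    print(dict(summarize(SAMPLE_EVENTS)))
```

Matching on the Run value name and the install path is deliberately loose, since both are builder defaults shared by many DarkComet builds; the hostname and the SHA256 are the indicators that pin this particular sample, so weight hits accordingly when triaging.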