General
Target: 4787475f9db3bcd0753330fa904898e5ba4f63401d09a20929036e8ab512ba75
Size: 1.1MB
Sample: 221107-cf68bacdd6
MD5: 058d38212447c0e8164820368f6f3d6f
SHA1: 8f2d6bc502fd1c863ff962dd8e59c10558017507
SHA256: 4787475f9db3bcd0753330fa904898e5ba4f63401d09a20929036e8ab512ba75
SHA512: f8e569fa81ff401c340bf3367ce86113c7c4fec76e52a170b7fdd102a19c9e22ae4fce97fd843a34bd6a5b8d154b8df055395abd5490d8eedd1cdd7c5a287118
SSDEEP: 24576:LSZxSDTIfGPjHX6AqVizETalNJiKPDtM+oXB5uc2zedaa4k9+slgf:LSTOTr36AqAzaWMFR5oadaagso
Static task: static1
Behavioral task: behavioral1
  Sample: 4787475f9db3bcd0753330fa904898e5ba4f63401d09a20929036e8ab512ba75.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 4787475f9db3bcd0753330fa904898e5ba4f63401d09a20929036e8ab512ba75.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
  01: geoecon.no-ip.org:1604
  Mutex: DC_MUTEX-CZN9ESJ
  InstallPath: Temps\msdcsc.exe
  gencode: BdpaYroRpCHK
  install: true
  offline_keylogger: true
  persistence: false
  reg_key: svhost
Targets
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext