General
- Target: bef9fe00e494e887578ae0d9053e115bacb63c80b6cf6e6037b2441305c88ae9
- Size: 690KB
- Sample: 221107-tfr7tsehg6
- MD5: 2461a56cc107723c2bbbf1ca4531cda0
- SHA1: c995b848906006b28a87ad7e6eeda3e7009d7d6d
- SHA256: bef9fe00e494e887578ae0d9053e115bacb63c80b6cf6e6037b2441305c88ae9
- SHA512: ec00f0bed2ac52f374c2e84bcfa6cdf990ed7d02d8ede549e69c2c85b8d57858863f65753cc24a3e719597d3d14f5361a92aa1eb80660e85fbbe0a5edb5c4417
- SSDEEP: 12288:p9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hi8:zZ1xuVVjfFoynPaVBUR8f+kN10EBR
Behavioral task: behavioral1
- Sample: bef9fe00e494e887578ae0d9053e115bacb63c80b6cf6e6037b2441305c88ae9.exe
- Resource: win7-20220812-en
Malware Config (extracted)
- Family: darkcomet
- Botnet: Hack
- C2: masakalasosas.no-ip.biz:1604
- Mutex: DC_MUTEX-WWW0WYT
- InstallPath: MSDCSC\msdcsc.exe
- gencode: lUw27RbiEGYV
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: rundl32
Targets
- Target: bef9fe00e494e887578ae0d9053e115bacb63c80b6cf6e6037b2441305c88ae9
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext