General
Target: a388d70926f91a010bdbaac36a277e8c4aed820d7d223e11bf387352b3b77e9e
Size: 690KB
Sample: 221119-leyn8ahh6y
MD5: 527532ba8c387b294cd05e3e4a579dc6
SHA1: e829080f98b7f7b94c25d7f08b6e56ca349904c5
SHA256: a388d70926f91a010bdbaac36a277e8c4aed820d7d223e11bf387352b3b77e9e
SHA512: 44565f37619ff4b642204e31ac11fda8587e7bff6b21e14ded0068aee53febfef824ffe6ba64dbd828502d799f665f1ac53181aacc415a4e3b3546c7f30b0b6b
SSDEEP: 12288:Z9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hJy:jZ1xuVVjfFoynPaVBUR8f+kN10EB+
Behavioral task
behavioral1
Sample: a388d70926f91a010bdbaac36a277e8c4aed820d7d223e11bf387352b3b77e9e.exe
Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
Bot
C2: dms17.no-ip.org:1604
C2: 127.0.0.1:1604
Mutex: DC_MUTEX-DGLFPKJ
InstallPath: MSDCSC\msdcsc.exe
gencode: UPrqceYJUHhe
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: a388d70926f91a010bdbaac36a277e8c4aed820d7d223e11bf387352b3b77e9e
Size: 690KB
MD5: 527532ba8c387b294cd05e3e4a579dc6
SHA1: e829080f98b7f7b94c25d7f08b6e56ca349904c5
SHA256: a388d70926f91a010bdbaac36a277e8c4aed820d7d223e11bf387352b3b77e9e
SHA512: 44565f37619ff4b642204e31ac11fda8587e7bff6b21e14ded0068aee53febfef824ffe6ba64dbd828502d799f665f1ac53181aacc415a4e3b3546c7f30b0b6b
SSDEEP: 12288:Z9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hJy:jZ1xuVVjfFoynPaVBUR8f+kN10EB+
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
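The extracted config (C2 endpoints, mutex, install path, Run-key value name) and the behavioural signatures above are the indicators a responder would hunt for on other hosts. The Python below is an added example, not part of the sandbox report or of any sandbox vendor's code: it hashes a file the three ways the report lists and matches the report's indicators against host telemetry. The telemetry lines and their `k=v|k=v` format are constructed for this example; the user-profile directory under which `msdcsc.exe` is installed and the Winlogon value name (`UserInit`) are assumptions, since the report states only the relative InstallPath and that Winlogon is modified.

```python
import hashlib
from typing import Dict, List, Tuple

# Indicators copied from the report's hashes and extracted DarkComet config.
REPORT_SHA256 = "a388d70926f91a010bdbaac36a277e8c4aed820d7d223e11bf387352b3b77e9e"
REPORT_MD5 = "527532ba8c387b294cd05e3e4a579dc6"
REPORT_SHA1 = "e829080f98b7f7b94c25d7f08b6e56ca349904c5"
# 127.0.0.1:1604 is also in the config, but a loopback endpoint gives no network signal, so it is left out.
C2_ENDPOINTS = {"dms17.no-ip.org:1604"}
MUTEX = "DC_MUTEX-DGLFPKJ"
INSTALL_SUFFIX = r"msdcsc\msdcsc.exe"   # InstallPath; the report gives it only relative, so match as a path suffix
RUN_VALUE = "MicroUpdate"               # reg_key from the config


def file_hashes(data: bytes) -> Dict[str, str]:
    """Hash a file's bytes the same three ways the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only for the exact file the report analysed."""
    return file_hashes(data)["sha256"] == REPORT_SHA256


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'k=v|k=v' telemetry line (a constructed format for this example)."""
    return dict(field.split("=", 1) for field in line.strip().split("|") if "=" in field)


def match_event(ev: Dict[str, str]) -> List[str]:
    """Return the name of every report indicator this single event matches."""
    hits: List[str] = []
    kind = ev.get("event", "")
    image = ev.get("image", "").lower()
    key = ev.get("key", "").lower()
    data = ev.get("data", "").lower()
    if kind == "ProcessCreate" and image.endswith(INSTALL_SUFFIX):
        hits.append("executes_dropped_exe")      # signature: Executes dropped EXE
    if kind == "RegistryValueSet" and r"\currentversion\run" in key \
            and ev.get("value", "").lower() == RUN_VALUE.lower():
        hits.append("run_key_persistence")       # signature: Adds Run key; reg_key MicroUpdate
    if kind == "RegistryValueSet" and r"\winlogon" in key and INSTALL_SUFFIX in data:
        hits.append("winlogon_persistence")      # signature: Modifies WinLogon for persistence
    if kind == "NetworkConnect" and ev.get("dest", "").lower() in C2_ENDPOINTS:
        hits.append("c2_connect")                # config: C2 dms17.no-ip.org:1604
    if kind == "MutexCreate" and ev.get("name") == MUTEX:
        hits.append("darkcomet_mutex")           # config: DC_MUTEX-DGLFPKJ
    return hits


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Run every telemetry line through the indicators; returns (indicator, raw line) pairs."""
    results: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        for hit in match_event(parse_event(line)):
            results.append((hit, line.strip()))
    return results


# Constructed telemetry, not from the sandbox run. The Documents\MSDCSC location and the
# Winlogon UserInit value name are assumptions; only the last line is benign background noise.
SAMPLE_TELEMETRY = r"""
event=ProcessCreate|image=C:\Users\lab\Desktop\sample.exe|parent=C:\Windows\explorer.exe
event=ProcessCreate|image=C:\Users\lab\Documents\MSDCSC\msdcsc.exe|parent=C:\Users\lab\Desktop\sample.exe
event=RegistryValueSet|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=MicroUpdate|data=C:\Users\lab\Documents\MSDCSC\msdcsc.exe
event=RegistryValueSet|key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|value=UserInit|data=C:\Windows\system32\userinit.exe,C:\Users\lab\Documents\MSDCSC\msdcsc.exe
event=NetworkConnect|image=C:\Users\lab\Documents\MSDCSC\msdcsc.exe|dest=dms17.no-ip.org:1604
event=MutexCreate|name=DC_MUTEX-DGLFPKJ
event=ProcessCreate|image=C:\Windows\System32\svchost.exe|parent=C:\Windows\System32\services.exe
"""

if __name__ == "__main__":
    for indicator, raw in scan(SAMPLE_TELEMETRY):
        print(f"{indicator:22s} <- {raw}")
```

Two points of design: the C2 is a dynamic-DNS hostname, so the match is on `host:port` as seen at DNS or proxy level rather than on a resolved IP, which can change at any time; and the install-path check is a case-insensitive suffix match because the config only fixes the `MSDCSC\msdcsc.exe` tail, not the directory it is dropped under.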