General
- Target: 99c729e892438d9b00c453b460eefa51c1739fd402e8c58c71b01a12643d55aa
- Size: 349KB
- Sample: 221122-y5z17afh47
- MD5: 201f5f02fc1285afd214c8f30d3c55a1
- SHA1: b545aa3c8633d99c6f51d6d12f1ee15e05d25489
- SHA256: 99c729e892438d9b00c453b460eefa51c1739fd402e8c58c71b01a12643d55aa
- SHA512: f74a13627192e7434067692633f9ca696a4aaaee3c9e2c6a7b97aebc4716f69922c1a337a5cffa999867d29b727c6d18ea52d1cf2774f8420b780b8cfe3df614
- SSDEEP: 6144:DcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37iQi:DcW7KEZlPzCy37
Behavioral task: behavioral1
- Sample: 99c729e892438d9b00c453b460eefa51c1739fd402e8c58c71b01a12643d55aa.exe
- Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
- SLAVES: jonas2000.no-ip.org:1700
- Mutex: DC_MUTEX-7VS54A6
- InstallPath: MSDCSC\msdcsc.exe
- gencode: jDkdF6ykRc7c
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 99c729e892438d9b00c453b460eefa51c1739fd402e8c58c71b01a12643d55aa
- Size: 349KB
- MD5: 201f5f02fc1285afd214c8f30d3c55a1
- SHA1: b545aa3c8633d99c6f51d6d12f1ee15e05d25489
- SHA256: 99c729e892438d9b00c453b460eefa51c1739fd402e8c58c71b01a12643d55aa
- SHA512: f74a13627192e7434067692633f9ca696a4aaaee3c9e2c6a7b97aebc4716f69922c1a337a5cffa999867d29b727c6d18ea52d1cf2774f8420b780b8cfe3df614
- SSDEEP: 6144:DcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37iQi:DcW7KEZlPzCy37
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext