General
-
Target
78f119546654d1e4236221242d84ab342e558c382bc7174c6062c9ffae1c6447
-
Size
756KB
-
Sample
221123-s6dxfsdb63
-
MD5
90a107c3d53c5cbecd748bce9005add6
-
SHA1
1a8ad010c53cd75af7d42cd22b90075d14e4842c
-
SHA256
78f119546654d1e4236221242d84ab342e558c382bc7174c6062c9ffae1c6447
-
SHA512
9f943fb6d0424694646398880e0706a69db68216cbef00351b6a1d3457f621cd5965d570068f53ecee107130f506eb395a7e021662a82f13bc746ff88a63bfbc
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hG:eZ1xuVVjfFoynPaVBUR8f+kN10EBg
Behavioral task
behavioral1
Sample
78f119546654d1e4236221242d84ab342e558c382bc7174c6062c9ffae1c6447.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Guest16
jonas24.no-ip.biz:1630
DC_MUTEX-FYQ3L58
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
oVsFPxtqM18C
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
78f119546654d1e4236221242d84ab342e558c382bc7174c6062c9ffae1c6447
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-