General
Target: 22c21ad12d722697249f340f16beaedd7ded1f723b5105fe7a39152fc0ff2b4e
Size: 249KB
Sample: 221123-s6qk9adb79
MD5: 9825e112d3c8c3f0f7a095752425f27f
SHA1: ff5c178e44b567f03f81be5e7abe4b1f7bb37225
SHA256: 22c21ad12d722697249f340f16beaedd7ded1f723b5105fe7a39152fc0ff2b4e
SHA512: b047001e9b53753ad2752d44afc0474a79791f87b51b5dd20ec668bf5be06387629c410d1e933482262af29bfda56c84757a11b718c04ff3962e83a2402d52dc
SSDEEP: 6144:uwT5O7pJmNB6dLY6dCnnsyZLHoaIyv6ocU/qxDS2xDWb3cw:uP+NULZdCn3TbncU2D7Ab3
Behavioral task
behavioral1
Sample: 22c21ad12d722697249f340f16beaedd7ded1f723b5105fe7a39152fc0ff2b4e.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
v1
darthangel.ddns.net:20000
DC_MUTEX-BVAGP6T
InstallPath: MSDCSC\msdcsc.exe
gencode: i2Jm1A4Qw7RV
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application