General
-
Target
4b0e0b0add966a824365a62ae8c72e2bf6517a7bd5f1197cf0fca07c09ab6877
-
Size
362KB
-
Sample
221123-s7rvpsdc39
-
MD5
d0e689cd46215ce61aa7cad5184f0c03
-
SHA1
993595b19cb80eec19c920c4798980ceac840472
-
SHA256
4b0e0b0add966a824365a62ae8c72e2bf6517a7bd5f1197cf0fca07c09ab6877
-
SHA512
c5116206fe39c828b12d7c9edc386a8f960ffc1f02c6af552b77f466e299d28c38a2e562d47937feb4e3d9bd2f9e6df4f5b63bcc1104777c3ada3a52df18f789
-
SSDEEP
6144:4cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37lK2:4cW7KEZlPzCy37lb
Behavioral task
behavioral1
Sample
4b0e0b0add966a824365a62ae8c72e2bf6517a7bd5f1197cf0fca07c09ab6877.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Guest16
paullad14.no-ip.biz:1604
DC_MUTEX-3TP2MMM
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
xhjk8rhgncrY
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
4b0e0b0add966a824365a62ae8c72e2bf6517a7bd5f1197cf0fca07c09ab6877
-
Size
362KB
-
MD5
d0e689cd46215ce61aa7cad5184f0c03
-
SHA1
993595b19cb80eec19c920c4798980ceac840472
-
SHA256
4b0e0b0add966a824365a62ae8c72e2bf6517a7bd5f1197cf0fca07c09ab6877
-
SHA512
c5116206fe39c828b12d7c9edc386a8f960ffc1f02c6af552b77f466e299d28c38a2e562d47937feb4e3d9bd2f9e6df4f5b63bcc1104777c3ada3a52df18f789
-
SSDEEP
6144:4cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37lK2:4cW7KEZlPzCy37lb
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-