General
Target: 09bfb1d25b618885b0194f38a0ce00baf6730bbb7d77729ffa56cb1066d0f027
Size: 332KB
Sample: 221123-s7vlladc43
MD5: febad9528996280bd43136cc003d647f
SHA1: cf955390533e9d4bf2ce02ade42e7c58ddcd1c83
SHA256: 09bfb1d25b618885b0194f38a0ce00baf6730bbb7d77729ffa56cb1066d0f027
SHA512: eea93e8b6a870abdf22ba339588ec1f40e38cfd1e5794ad8e026ea8c796d425a4dbd9551775261c14b2d5dc9cbd4db3122b859859e8a6e830c4b904f7ba78efb
SSDEEP: 6144:04buZLK2Qxnkz45Se1zKLLpRlLOze0eUge9EOw0+TOnlQJB0zL8:04buZ22Qx7Se1+1Rlo3eBAJ+inuJn
Static task: static1
Behavioral task: behavioral1
Sample: 09bfb1d25b618885b0194f38a0ce00baf6730bbb7d77729ffa56cb1066d0f027.exe
Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
DarkComet
darthangel.ddns.net:20000
tacoflocka.zapto.org:20000
DC_MUTEX-MWH7CVZ
InstallPath: MSDCSC\msdcsc.exe
gencode: kc5F7AaTTT1P
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 09bfb1d25b618885b0194f38a0ce00baf6730bbb7d77729ffa56cb1066d0f027
Size: 332KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext