General
-
Target
69eaef360ae41bbded09803a082281ae8998946448afc708b47266c0b0fa73b0
-
Size
245KB
-
Sample
221123-x9bzgscc81
-
MD5
911c776e57493fbcac8cb7ac3d9341a2
-
SHA1
c5fb475d2a01e82c1fc5aae56569bb7562381774
-
SHA256
69eaef360ae41bbded09803a082281ae8998946448afc708b47266c0b0fa73b0
-
SHA512
c30aee0abdd9384c5654d6569edadf68d342999ad70c0a2efed99030a5be0bcb46f1fc7217cb06ae4cb34d38f94c56f198be83f6e1c0877e6d1becec09e0c4c9
-
SSDEEP
6144:IYLVBjW718M8n23sjpbZ5lTmJDId2bsETyCJTApip608n:fP671TL8jpVTmRXtJpApipF
Static task
static1
Behavioral task
behavioral1
Sample
69eaef360ae41bbded09803a082281ae8998946448afc708b47266c0b0fa73b0.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
1
vitafon007.noip.me:1604
DC_MUTEX-EUF3BGD
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
KAVwEguyVo7z
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
WinService
Targets
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-