General
- Target: 85fdde2e17ec0b56ce564a98c6220745c6950f44932abe5dce5cba66605db2bc
- Size: 261KB
- Sample: 221123-xkfalsac3v
- MD5: 4530a82649bd16a3a7baa70faa1caa50
- SHA1: f9ce0ceaa7bccf18ef23570e0d550d9b43e9e166
- SHA256: 85fdde2e17ec0b56ce564a98c6220745c6950f44932abe5dce5cba66605db2bc
- SHA512: 3721f299f303b8c040a43a020a09fb55ef412b59d597e1bc6b8a3e5bc886afc44859832693c45e6eef5ff0f5d83760f81bb78bb59c5b3c7d656f277b5b63fb30
- SSDEEP: 6144:Hco4dnaXTsWxDcQHlemO9fRI6oh/h8oGWINlmR9wryQ:8PnaDskYaAmU66yh5GHD09AyQ

Behavioral task
- behavioral1
- Sample: 85fdde2e17ec0b56ce564a98c6220745c6950f44932abe5dce5cba66605db2bc.exe
- Resource: win7-20221111-en

Malware Config
Extracted
- Family: darkcomet
- hack
- bikaalov.noip.me:1604
- DC_MUTEX-7G2PFJD
- InstallPath: MSDCSC\msdcsc.exe
- gencode: tKukSM5w3M83
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate

Targets
- Target: 85fdde2e17ec0b56ce564a98c6220745c6950f44932abe5dce5cba66605db2bc
- Size: 261KB
- MD5: 4530a82649bd16a3a7baa70faa1caa50
- SHA1: f9ce0ceaa7bccf18ef23570e0d550d9b43e9e166
- SHA256: 85fdde2e17ec0b56ce564a98c6220745c6950f44932abe5dce5cba66605db2bc
- SHA512: 3721f299f303b8c040a43a020a09fb55ef412b59d597e1bc6b8a3e5bc886afc44859832693c45e6eef5ff0f5d83760f81bb78bb59c5b3c7d656f277b5b63fb30
- SSDEEP: 6144:Hco4dnaXTsWxDcQHlemO9fRI6oh/h8oGWINlmR9wryQ:8PnaDskYaAmU66yh5GHD09AyQ

Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext