General
Target: 6fe18b376f52890d3a0800621c00e043996dbd2027899f84173b13b0b9394349
Size: 791KB
Sample: 221124-ehgfsaff65
MD5: 32472c66a6a689be7e6903f1f360cec6
SHA1: 29dfb3a5e493ae6cdf90bcf856ac9c497c4889ea
SHA256: 6fe18b376f52890d3a0800621c00e043996dbd2027899f84173b13b0b9394349
SHA512: aad8455001ed3d53d6e05fec658cdb179798e5427143442fb41a5a7f1fd6ff402270773934478a5211bd2fe19292b96f7d91db723361a6d081602756305ebe9a
SSDEEP: 12288:A9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hurfMb/:kZ1xuVVjfFoynPaVBUR8f+kN10EBwgb/
Behavioral task: behavioral1
Sample: 6fe18b376f52890d3a0800621c00e043996dbd2027899f84173b13b0b9394349.exe
Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
Guest22
leunam.ddns.net:1604
DC_MUTEX-CYTRPNC
InstallPath: MSDCSC\msdcsc.exe
gencode: NlD3lKCPlj6p
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 6fe18b376f52890d3a0800621c00e043996dbd2027899f84173b13b0b9394349
Size: 791KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application