General

Target: 067da2f3df03a2df83b8420c44bcef19995a483179ec0f572777df86622ba461
Size: 856KB
Sample: 221124-ezjmgaca9x
MD5: 0c6b3509bb5a0e67d037afa5eb523076
SHA1: 3f8c601b9e3cf8af1b7a7f8e8b99f337caa97d9d
SHA256: 067da2f3df03a2df83b8420c44bcef19995a483179ec0f572777df86622ba461
SHA512: b50df71b7ce1f4f5f67e235e137371d3ec6bc468428c6b2055451e19f468552d82161f20742fc874f44cf3130818b65d022c320788bf176da85d4d69a30b970d
SSDEEP: 24576:HOGEY2LlIP8pKAWy8y60UOauWAFrYDz0M:JEYeIPH7OxVx5
Static task: static1
Behavioral task: behavioral1
Sample: 067da2f3df03a2df83b8420c44bcef19995a483179ec0f572777df86622ba461.exe
Resource: win7-20220812-en
Malware Config

Extracted family: darkcomet
Botnet/campaign ID: Guest16
C2: lundinzzz.no-ip.biz:1604
C2: lundinzzz.no-ip.biz:82
Mutex: DC_MUTEX-XK6B8QX
InstallPath: MSDCSC\msdcsc.exe
gencode: H8YYXHd9Vk1a
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: 067da2f3df03a2df83b8420c44bcef19995a483179ec0f572777df86622ba461
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext