General
- Target: ca95dbaff728d39facee54c3d97e445ccc97037ef13e63fab534730349d424c0
- Size: 1.1MB
- Sample: 221124-xye7rsde55
- MD5: beee246f5eae578818a63ce9178f0f0c
- SHA1: 062f953736a7c6dd558eaf054a9f59aab431b7b2
- SHA256: ca95dbaff728d39facee54c3d97e445ccc97037ef13e63fab534730349d424c0
- SHA512: f4eed062f24c213eab4f0d9296df2a663b73583eb1ec00ea610765303c570b6628a3102f4eba7a83497a61f9f45aeb160ec7b60d8c0c3008fd77b11574da0b14
- SSDEEP: 24576:4vOTggIRfmQX3zRYC6FVZPv+FWe4Ys/E:0jYlDZ3+UT/E
Static task
- static1

Behavioral task
- behavioral1
  - Sample: ca95dbaff728d39facee54c3d97e445ccc97037ef13e63fab534730349d424c0.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: ca95dbaff728d39facee54c3d97e445ccc97037ef13e63fab534730349d424c0.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: darkcomet
- Guest16
- connor122.no-ip.biz:3460
- DC_MUTEX-MMYCS2M
- InstallPath: MSDCSC\msdcsc.exe
- gencode: bvvobbmQUgdP
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: ca95dbaff728d39facee54c3d97e445ccc97037ef13e63fab534730349d424c0
- Size: 1.1MB
- Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext