General

Target: 4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
Size: 604KB
Sample: 221125-cqeaaahb51
MD5: 46a36b28a6f07b76ea511a8ae0c2aa3a
SHA1: 88de3a8bbeff45b802c5f5b19c7aacf88dd235ed
SHA256: 4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
SHA512: 65b7b53c93b35b65d803fb4ba67ebae0fd42aafb5a71d7b14888da49286ef6dd9f731b8d033c9f86ef6bdeb1949ac46230ca6da05b3803419813dc134b79e83c
SSDEEP: 12288:qDboBfrFT0u7kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk:7Bfr/HiJw7DxD

Static task: static1
Behavioral task: behavioral1
Sample: 4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198.exe
Resource: win7-20221111-en

Malware Config

Extracted: darkcomet
REPAIRED
susanrosanne.ddns.net:8991
DC_MUTEX-MTLJCHX
InstallPath: MSDCSC\msdcsc.exe
gencode: v3RMsCdzjW76
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

Targets

Target: 4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
Size: 604KB
MD5: 46a36b28a6f07b76ea511a8ae0c2aa3a
SHA1: 88de3a8bbeff45b802c5f5b19c7aacf88dd235ed
SHA256: 4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
SHA512: 65b7b53c93b35b65d803fb4ba67ebae0fd42aafb5a71d7b14888da49286ef6dd9f731b8d033c9f86ef6bdeb1949ac46230ca6da05b3803419813dc134b79e83c
SSDEEP: 12288:qDboBfrFT0u7kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk:7Bfr/HiJw7DxD

- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext