General
Target: 2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111
Size: 658KB
Sample: 221125-ljz3vagc74
MD5: 95f8e456ac2d3c5a86b002596fb9015c
SHA1: 902684ac2da80970b8d37a683485a8645d10468f
SHA256: 2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111
SHA512: 5820bb9fb23e009770f3aa5003b347a7d5730a24eb66eb7380c7b10e4adc679e0491de1bd47002a32985f3bb999e1f340de47905f5a32e9592f1f89934f32b6d
SSDEEP: 12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hE:qZ1xuVVjfFoynPaVBUR8f+kN10EB2
Behavioral task: behavioral1
Sample: 2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
All
deeside.ddns.net:1604
DC_MUTEX-Q7AJXN5
InstallPath: MSDCSC\msdcsc.exe
gencode: Xdh5jBJVLZA4
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies security service
Disables RegEdit via registry modification
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application