General
Target: 26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
Size: 500KB
Sample: 221125-x97fdsdd6z
MD5: cb33d7a4fc859295229b02ae68616319
SHA1: cf50c142931029523b9d9e324007ddc76854ce1a
SHA256: 26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
SHA512: 82d0bf6aa5ded0e508a9c8e899fd1e21a117a4123d900a65c30244de2de3cccaa8304dcb288df75da256e29becd83d0f4ad7c828c2f1b3aef53167f962cbc695
SSDEEP: 12288:8enj9tNRgj7lKLVajxrzBViuU+EoSK5VmuZvYmbV:jfaBKaRljX5VmIQI
Behavioral task: behavioral1
Sample: 26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: millanman.no-ip.org:200
Mutex: DC_MUTEX-1K6MQ48
InstallPath: MSDCSC\msdcsc.exe
gencode: lBPaol2uFc1q
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext