General
Target: c704c4d969efd8e763ca9652d892da7c920001486bdf25c86a890166a0990ce1
Size: 329KB
Sample: 221125-ykhw6seb6t
MD5: 077feedaf2385940d6cb6c485254592f
SHA1: 105d08d7b083f2204df82ab591c69ebeeddb4299
SHA256: c704c4d969efd8e763ca9652d892da7c920001486bdf25c86a890166a0990ce1
SHA512: bb78dac12ccc5e84feed1849eb4433ae0850ac71b3df175613dc4bd0fcd520664cdf052345653bc8d48645179d269c3e55adb057f884947abb2e69252221562f
SSDEEP: 6144:4Qg2zQOG2voQTgbCHEE/fNBLdT9/zxW4q1w12R8OUkYO/WJB:4QdG2wQTgblE3NldT9MZy12RsOk
Static task: static1
Behavioral task: behavioral1
Sample: c704c4d969efd8e763ca9652d892da7c920001486bdf25c86a890166a0990ce1.exe
Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
Campaign ID: Hacker
C2: cpuexplorerwindows.no-ip.org:1000
Mutex: DC_MUTEX-25175UU
InstallPath: explorer\msdcsc.exe
gencode: J2mfaePjL8uT
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: c704c4d969efd8e763ca9652d892da7c920001486bdf25c86a890166a0990ce1
Size: 329KB
MD5: 077feedaf2385940d6cb6c485254592f
SHA1: 105d08d7b083f2204df82ab591c69ebeeddb4299
SHA256: c704c4d969efd8e763ca9652d892da7c920001486bdf25c86a890166a0990ce1
SHA512: bb78dac12ccc5e84feed1849eb4433ae0850ac71b3df175613dc4bd0fcd520664cdf052345653bc8d48645179d269c3e55adb057f884947abb2e69252221562f
SSDEEP: 6144:4Qg2zQOG2voQTgbCHEE/fNBLdT9/zxW4q1w12R8OUkYO/WJB:4QdG2wQTgblE3NldT9MZy12RsOk
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext