General
Target: 820ec01001e41115ae20b367113decd3aa549652d6f0eb677ecf44519f0d70b7
Size: 690KB
Sample: 221126-1qn2gsbe7v
MD5: 3de246eb9d010063ce300153818e5be1
SHA1: 0917adce4af364967ce71d4c9d3c206273045e83
SHA256: 820ec01001e41115ae20b367113decd3aa549652d6f0eb677ecf44519f0d70b7
SHA512: f2bf5669287b2c4baad50ace30f971317dc254b713a2d516cf2049444590469c30c919bab8caf8043cf0a84d6f233cfd00ee71c14b1ba798b04a5c089ffef130
SSDEEP: 12288:l9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hBB:vZ1xuVVjfFoynPaVBUR8f+kN10EBV
Behavioral task: behavioral1
Sample: 820ec01001e41115ae20b367113decd3aa549652d6f0eb677ecf44519f0d70b7.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: darkcomet
Botnet: Hacker
C2:
  docteurkkk.sytes.net:80
  docteurkkk.sytes.net:81
  jpasta.servemp3.com:81
  jpasta.servemp3.com:80
Mutex: DC_MUTEX-E0APM9B
Attributes:
  InstallPath: MSDCSC\msdsc.exe
  gencode: uREkEp3UCJUZ
  install: true
  offline_keylogger: true
  password: sqd654
  persistence: true
  reg_key: rundll32
Targets
Target: 820ec01001e41115ae20b367113decd3aa549652d6f0eb677ecf44519f0d70b7
Size: 690KB
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Adds Run key to start application