General
Target: 609128309dbf129d8f1cc8e3c14e0c84485a8092d93e17b8a3fc38e37f6f24da
Size: 663KB
Sample: 221126-2qe91sed3s
MD5: e54a1ca1c5c4259ad65bfe9d71e70080
SHA1: d6d388ace093d002dcfadff4daab1bdcdc74bd49
SHA256: 609128309dbf129d8f1cc8e3c14e0c84485a8092d93e17b8a3fc38e37f6f24da
SHA512: c15b48d75b8e754f91d12bdb8938579bc814625f83662c4c78df8831af47c775db8368930d45b22acb3d008daacf2e1b9938467cc261a5716ec225391cf5d6ef
SSDEEP: 12288:95xELLJZ0iUg9/L2V+7Xg8P99zhUOsNPNKw7fW/SphOY1Ij:9vsVOg98kP90OK7f64hOY1E
Static task: static1
Behavioral task: behavioral1
Sample: 609128309dbf129d8f1cc8e3c14e0c84485a8092d93e17b8a3fc38e37f6f24da.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
Guest16
markben390.no-ip.org:1604
DC_MUTEX-UU3AFB4
InstallPath: MSDCSC\msdcsc.exe
gencode: Di8UpZmPhKYN
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 609128309dbf129d8f1cc8e3c14e0c84485a8092d93e17b8a3fc38e37f6f24da
Size: 663KB
MD5: e54a1ca1c5c4259ad65bfe9d71e70080
SHA1: d6d388ace093d002dcfadff4daab1bdcdc74bd49
SHA256: 609128309dbf129d8f1cc8e3c14e0c84485a8092d93e17b8a3fc38e37f6f24da
SHA512: c15b48d75b8e754f91d12bdb8938579bc814625f83662c4c78df8831af47c775db8368930d45b22acb3d008daacf2e1b9938467cc261a5716ec225391cf5d6ef
SSDEEP: 12288:95xELLJZ0iUg9/L2V+7Xg8P99zhUOsNPNKw7fW/SphOY1Ij:9vsVOg98kP90OK7f64hOY1E
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext