General
Target: d1fcdfab2528836fe46050e62945ac2ed469093e87644c102aa5cebf4278201b
Size: 658KB
Sample: 221126-cgcp4adf47
MD5: c8220b0dfa302111f1621d9ad0b677bf
SHA1: 7320a73872404ad0d9ed6745ff2568c62ebacdd8
SHA256: d1fcdfab2528836fe46050e62945ac2ed469093e87644c102aa5cebf4278201b
SHA512: fbba349103a60e6d30cd62e339e91a582076d15292bff7c0780218f7cbdf3f48d2835d35e341335247addc6a39a08ebee3e8bc6c7ec915be2d2dfe403c727e11
SSDEEP: 12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hz:eZ1xuVVjfFoynPaVBUR8f+kN10EBh
Behavioral task: behavioral1
Sample: d1fcdfab2528836fe46050e62945ac2ed469093e87644c102aa5cebf4278201b.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: d1fcdfab2528836fe46050e62945ac2ed469093e87644c102aa5cebf4278201b.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: darkcomet
Botnet ID: YouTube
C2: disorbs.no-ip.org:1604
Mutex: DC_MUTEX-EDGJS65
InstallPath: MSDCSC\msdcsc.exe
gencode: CHnkcJrx70WL
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: d1fcdfab2528836fe46050e62945ac2ed469093e87644c102aa5cebf4278201b
Size: 658KB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application