General
Target: bcd46cd761c8b2642bf2949b27eabd7137ab87bcec31668b38e232f3062d7304
Size: 874KB
Sample: 221126-cgl9jagh3z
MD5: f78322eb1a7178d96d5e5078080cec66
SHA1: 047a97bcaeb4021d2ed6e15bf035216a3ea26b0a
SHA256: bcd46cd761c8b2642bf2949b27eabd7137ab87bcec31668b38e232f3062d7304
SHA512: 7ba354300080d4d6792d6a1bf40d4a434be6e51283a72cb1287695b747b78d33dad6364a81a353e4cf5c2e5c80ec429d7b012c64ef75f48216850551e89b31aa
SSDEEP: 24576:5Z1xuVVjfFoynPaVBUR8f+kN10EB2RGVQaS:jQDgok309SQaS
Behavioral task: behavioral1
Sample: bcd46cd761c8b2642bf2949b27eabd7137ab87bcec31668b38e232f3062d7304.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: darkcomet
Botnet: ZOMBIE
C2: hdycusje62bh5.no-ip.biz:666
Mutex: DC_MUTEX-V6VMQ0J
InstallPath: MSDCSC\msdcsc.exe
gencode: rsW07CoVpt23
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: bcd46cd761c8b2642bf2949b27eabd7137ab87bcec31668b38e232f3062d7304
Size: 874KB
MD5: f78322eb1a7178d96d5e5078080cec66
SHA1: 047a97bcaeb4021d2ed6e15bf035216a3ea26b0a
SHA256: bcd46cd761c8b2642bf2949b27eabd7137ab87bcec31668b38e232f3062d7304
SHA512: 7ba354300080d4d6792d6a1bf40d4a434be6e51283a72cb1287695b747b78d33dad6364a81a353e4cf5c2e5c80ec429d7b012c64ef75f48216850551e89b31aa
SSDEEP: 24576:5Z1xuVVjfFoynPaVBUR8f+kN10EB2RGVQaS:jQDgok309SQaS
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application