General
-
Target
626dab42d424d40c23ae40bed02f3d826e404e964cca3877979a18b13a852c14
-
Size
658KB
-
Sample
221126-ptxbgsga3s
-
MD5
77877cbf3a974a22942251639c9b4f44
-
SHA1
8592457a1ed0d904845d9c4bc3434b30bcd626ff
-
SHA256
626dab42d424d40c23ae40bed02f3d826e404e964cca3877979a18b13a852c14
-
SHA512
6a8a1ec91f2482b7ea0211d41cf611b6ebe983c21211b875783362bcb02b03f3a1b4def2b41b6d0073cb65ec3a186585d2004795abc486a518db1c6769da7739
-
SSDEEP
12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h5:KZ1xuVVjfFoynPaVBUR8f+kN10EBH
Behavioral task
behavioral1
Sample
626dab42d424d40c23ae40bed02f3d826e404e964cca3877979a18b13a852c14.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
DC
platrat.no-ip.biz:200
DC_MUTEX-V7T9GZM
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
ZsFDKmYnrqzM
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
rundll32
Targets
-
-
Target
626dab42d424d40c23ae40bed02f3d826e404e964cca3877979a18b13a852c14
-
Size
658KB
-
MD5
77877cbf3a974a22942251639c9b4f44
-
SHA1
8592457a1ed0d904845d9c4bc3434b30bcd626ff
-
SHA256
626dab42d424d40c23ae40bed02f3d826e404e964cca3877979a18b13a852c14
-
SHA512
6a8a1ec91f2482b7ea0211d41cf611b6ebe983c21211b875783362bcb02b03f3a1b4def2b41b6d0073cb65ec3a186585d2004795abc486a518db1c6769da7739
-
SSDEEP
12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h5:KZ1xuVVjfFoynPaVBUR8f+kN10EBH
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-