General

- Target: 42a93d7205a88d8f72a62bef30f855fa3662f8d96ca5c90c033bd7dd555238ad
- Size: 658KB
- Sample: 221126-whjdtacg62
- MD5: 41e39fc0ab363cd35fff3594134777b4
- SHA1: ccef504edaef4c92d3586a1d269506a1a9bb181a
- SHA256: 42a93d7205a88d8f72a62bef30f855fa3662f8d96ca5c90c033bd7dd555238ad
- SHA512: bfe954804f36438292f8e8804824823cee39be90e8d683a9827b6de466cf563b0340a24d3af8b91d2ce6cb031caac0df32394c55c72f90a5361c96858c9b1042
- SSDEEP: 12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/ha:KZ1xuVVjfFoynPaVBUR8f+kN10EB4
Behavioral task: behavioral1

- Sample: 42a93d7205a88d8f72a62bef30f855fa3662f8d96ca5c90c033bd7dd555238ad.exe
- Resource: win7-20221111-en
Malware Config

Extracted: darkcomet

- Campaign ID: HF
- C2: ambro.ddns.net:1604
- Mutex: DC_MUTEX-FHGVDQZ
- InstallPath: MSDCSC\msdcsc.exe
- gencode: u7a8sNW0Gw40
- install: true
- offline_keylogger: true
- persistence: false
- reg_key (Run value name): MicroUpdate
Targets

- Target: 42a93d7205a88d8f72a62bef30f855fa3662f8d96ca5c90c033bd7dd555238ad
Signatures

- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
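The extracted config and the behavior signatures map directly onto host and network indicators: the C2 hostname, the mutex, the dropped file path and the Run value name. The following is an added example, not code from the sandbox or from this report. It encodes those four values and runs matching functions over constructed registry values, a Winlogon Userinit string, an open-handle listing and DNS query-log lines. Two points worth building in: the config's persistence flag is false, yet the sandbox still observed a Run key and a Winlogon change, so the checks key on the artifacts rather than on the flag; and the C2 is a dynamic-DNS name, so the hostname, not a resolved IP, is the durable indicator. Assumptions in the code: the Winlogon modification lands in the Userinit value (the report only says Winlogon is modified), the install path sits under the user's Documents folder in the sample data, and the DNS log uses a BIND-style "query:" line. All sample artifacts are constructed.

```python
import re
from dataclasses import dataclass

# Values copied from the report's Malware Config block.
CONFIG = {
    "c2": "ambro.ddns.net:1604",
    "mutex": "DC_MUTEX-FHGVDQZ",
    "install_path": r"MSDCSC\msdcsc.exe",  # relative path: match on the suffix
    "reg_key": "MicroUpdate",              # name of the Run value
}


@dataclass(frozen=True)
class Hit:
    indicator: str  # config field (or assumption) that matched
    source: str     # where the artifact came from
    evidence: str   # the matching artifact


def _ends_with_install_path(value: str, cfg=CONFIG) -> bool:
    # Strip a trailing quote so '"C:\...\msdcsc.exe"' still matches.
    return value.strip().rstrip('"').lower().endswith(cfg["install_path"].lower())


def c2_host_port(c2: str):
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def check_run_values(run_values, cfg=CONFIG):
    """run_values maps 'HIVE\\...\\Run\\<name>' -> data. Flag the value named
    after reg_key, and any value whose command ends in the install path
    (the value name changes per build more often than the dropped file name)."""
    hits = []
    for key, data in run_values.items():
        name = key.rsplit("\\", 1)[-1]
        if name.lower() == cfg["reg_key"].lower() or _ends_with_install_path(data, cfg):
            hits.append(Hit("reg_key", key, data))
    return hits


def check_winlogon_userinit(userinit: str, cfg=CONFIG):
    """Userinit normally holds exactly one entry, userinit.exe. Every other
    entry is reported; the one ending in the install path is tagged.
    Assumption: the report's 'Modifies WinLogon' signature refers to Userinit."""
    hits = []
    for entry in (e.strip() for e in userinit.split(",")):
        if not entry or entry.lower().rstrip('"').endswith("\\userinit.exe"):
            continue
        tag = "install_path" if _ends_with_install_path(entry, cfg) else "unexpected_entry"
        hits.append(Hit(f"winlogon_userinit:{tag}", "Winlogon\\Userinit", entry))
    return hits


def check_mutexes(mutex_names, cfg=CONFIG):
    """Handle listings may prefix the object directory; compare the base name."""
    return [Hit("mutex", "handles", m) for m in mutex_names
            if m.rsplit("\\", 1)[-1] == cfg["mutex"]]


# Constructed BIND-style query-log shape: '<client> query: <name> IN <type>'.
DNS_LINE = re.compile(r"(?P<client>\d+(?:\.\d+){3}).*?\bquery:\s+(?P<name>\S+)")


def check_dns_log(lines, cfg=CONFIG):
    """The C2 is a dynamic-DNS name, so match the hostname, not a resolved IP."""
    host, _ = c2_host_port(cfg["c2"])
    hits = []
    for line in lines:
        m = DNS_LINE.search(line)
        if m and m.group("name").rstrip(".").lower() == host:
            hits.append(Hit("c2_host", m.group("client"), line.strip()))
    return hits


def triage(run_values, userinit, mutex_names, dns_lines, cfg=CONFIG):
    return {
        "run": check_run_values(run_values, cfg),
        "winlogon": check_winlogon_userinit(userinit, cfg),
        "mutex": check_mutexes(mutex_names, cfg),
        "dns": check_dns_log(dns_lines, cfg),
    }


# --- constructed sample artifacts (not taken from the report) ---
RUN_VALUES = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive":
        r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate":
        r'"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"',
}
USERINIT = r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe,"
MUTEXES = [r"\Sessions\1\BaseNamedObjects\DC_MUTEX-FHGVDQZ", "SM0:4321:120:WilError_03"]
DNS_LOG = [
    "10.0.0.5 query: ambro.ddns.net. IN A",
    "10.0.0.7 query: www.example.com. IN A",
    "10.0.0.5 query: AMBRO.DDNS.NET. IN AAAA",
]

if __name__ == "__main__":
    for section, hits in triage(RUN_VALUES, USERINIT, MUTEXES, DNS_LOG).items():
        for h in hits:
            print(f"[{section}] {h.indicator} via {h.source}: {h.evidence}")
```

On a real host the inputs come from an exported Run key, the Winlogon Userinit value, a handle dump and the resolver or DNS server log; the matching logic stays the same. The Run-value check deliberately matches on the file path as well as the name, since a rebuilt sample can change reg_key without changing the MSDCSC\msdcsc.exe drop location.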