General
-
Target
39116035169ea9c544db5746e7c39729d4072bfe4d792afe02a726fac321ffbd
-
Size
658KB
-
Sample
221127-xy7xsacb64
-
MD5
0adfe43ac6185801448fc4ab1b4e1303
-
SHA1
f391453f17beeed40cf4a8a232d538b931ecc888
-
SHA256
39116035169ea9c544db5746e7c39729d4072bfe4d792afe02a726fac321ffbd
-
SHA512
5626bbb112200b00655c2ab7a7ac4d4897d96e6995043cacadaf99c8d04f250512594cea9fe510af77c9983da1b1614448478f00773c8b47a62dfa64536336fd
-
SSDEEP
12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h/:qZ1xuVVjfFoynPaVBUR8f+kN10EBx
Behavioral task
behavioral1
Sample
39116035169ea9c544db5746e7c39729d4072bfe4d792afe02a726fac321ffbd.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
System
adknxxxxxx.ddns.net:1604
DC_MUTEX-YD9TJ9S
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
TUbLiSM9jJeW
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
39116035169ea9c544db5746e7c39729d4072bfe4d792afe02a726fac321ffbd
-
Modifies WinLogon for persistence
-
Modifies security service
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-