General
-
Target
92ca5e43bb22376cd1995ba5664a92690ee01b44930809619422fffe2f200e7c
-
Size
1009KB
-
Sample
221128-gnbtlaeh7t
-
MD5
e0fecd1853ec03f20e8d2cc28b7012da
-
SHA1
93a0a322615876ed4c625e0410ca1fdc08e8ad8b
-
SHA256
92ca5e43bb22376cd1995ba5664a92690ee01b44930809619422fffe2f200e7c
-
SHA512
efc56b9c045eef8df9072c99d28b7797b17e64fc337152ca7816975f608717f9b0df0c652e138f5fc071b7838e91f4460eed0ea99c668881b37e3863657191e9
-
SSDEEP
24576:w3/+i1/ShId2i5JZYb/v5goqv2rL7fimsAONU:wXO8g
Static task
static1
Behavioral task
behavioral1
Sample
92ca5e43bb22376cd1995ba5664a92690ee01b44930809619422fffe2f200e7c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
92ca5e43bb22376cd1995ba5664a92690ee01b44930809619422fffe2f200e7c.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
RSACCS
trojanhasswag.chickenkiller.com:1337
DCMIN_MUTEX-SHQRVP8
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
PwMPh90f59Ky
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-