General

Target: 2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5
Size: 756KB
Sample: 221128-qw1mcsfh82
MD5: 2fa4b346f9d431e8bbfa63e6f1dcf6a1
SHA1: e8601bf601a9a2d0b1871fa49a05aab1cefec1b9
SHA256: 2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5
SHA512: 64cb8d487c9dd36204bcb0fba11b2c7ec384049221bf35ce2076242b63559f26010dbaca9bf962df9faf818d1549bec7153b41cccec8b188f2b116cda48138b4
SSDEEP: 12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hVsvv/:BZ1xuVVjfFoynPaVBUR8f+kN10EBsvv/
Behavioral task

behavioral1
Sample: 2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5.exe
Resource: win7-20220812-en
Malware Config

Extracted: darkcomet
R1
C2: csgohackzz.ddns.net:1096
Mutex: DC_MUTEX-46JEUN6
InstallPath: MSDCSC\msdcsc.exe
gencode: X6gK8NP6mhLx
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: 2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5 (size and hashes as listed under General)
Signatures

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application