General
Target: 7e233d077d2ab4224e34b970b371843d37137470854b80614e1a02f8731f107a
Size: 658KB
Sample: 221128-xswbssdf51
MD5: a9c31b29303e87cd5ba5eadc90605f17
SHA1: d8c341b64362cbe719d9590c229111fa8bf074bf
SHA256: 7e233d077d2ab4224e34b970b371843d37137470854b80614e1a02f8731f107a
SHA512: 06dfdec58fa204313e42d392e01dac2fc869a2d8f1cdfb3b98f740ef1a5621e9c283f3e7e91dc57d853a3943085d2ba39c0d9ab4743f9f2c66a2c90dd5713ca2
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hQ:+Z1xuVVjfFoynPaVBUR8f+kN10EBu
Behavioral task: behavioral1
Sample: 7e233d077d2ab4224e34b970b371843d37137470854b80614e1a02f8731f107a.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 7e233d077d2ab4224e34b970b371843d37137470854b80614e1a02f8731f107a.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: darkcomet
Botnet: Infected
C2: euwpls.no-ip.biz:200
Mutex: DCMIN_MUTEX-6X3ZAPA
InstallPath: DCSCMIN\IMDCSC.exe
gencode: Vy2x9xFF92PC
install: true
offline_keylogger: true
persistence: false
reg_key: rundll32
Targets
Target: 7e233d077d2ab4224e34b970b371843d37137470854b80614e1a02f8731f107a
Size: 658KB
MD5: a9c31b29303e87cd5ba5eadc90605f17
SHA1: d8c341b64362cbe719d9590c229111fa8bf074bf
SHA256: 7e233d077d2ab4224e34b970b371843d37137470854b80614e1a02f8731f107a
SHA512: 06dfdec58fa204313e42d392e01dac2fc869a2d8f1cdfb3b98f740ef1a5621e9c283f3e7e91dc57d853a3943085d2ba39c0d9ab4743f9f2c66a2c90dd5713ca2
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hQ:+Z1xuVVjfFoynPaVBUR8f+kN10EBu
Score: 10/10

Signatures
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Adds Run key to start application