General
-
Target
dafd90ea443252b18583fd96f2da4c277e258ff5afa495b512c14070f0fe0f67
-
Size
963KB
-
Sample
221129-1zq77sfb9t
-
MD5
a10d8267ed0b2eeb663c3caef247ba3c
-
SHA1
a9931587dab4f70a091bc7c0e59097bfc10229fd
-
SHA256
dafd90ea443252b18583fd96f2da4c277e258ff5afa495b512c14070f0fe0f67
-
SHA512
89d2f1a1a5aa26b9bb3b03558c39d22d955c7a845b7ffa750f4635b586c46a6c4c5d4676afb2f4f6ecd0005da9ccc2fbf5d74096f0f2821fb21864b833beece9
-
SSDEEP
12288:EJIN4VW2o/LW0NHX68XU9sUX9T8+3M2UBvSwo9nKeK3wz:ESV/S0NPK1CWMTxkKeKA
Static task
static1
Behavioral task
behavioral1
Sample
dafd90ea443252b18583fd96f2da4c277e258ff5afa495b512c14070f0fe0f67.exe
Resource
win7-20220901-en
Malware Config
Extracted
darkcomet
Love
pet105.no-ip.biz:100
DC_MUTEX-TNT8SFG
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
JJbwi9MArQ9S
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext