General
-
Target
c1e539ef1d5ae993fa4c9058f4e2e6caf14e61226b349b191cdfa37e65b710a5
-
Size
1.1MB
-
Sample
221129-1zr5haca82
-
MD5
87f31938ba32ffe17ff1bbe96e076421
-
SHA1
97487d29f1cf63559d87d31fc03c20b2b4e4a911
-
SHA256
c1e539ef1d5ae993fa4c9058f4e2e6caf14e61226b349b191cdfa37e65b710a5
-
SHA512
8b23fd6549f998142f7a64e260736ae6293b84451ad73a80da3597ec482feccf27bebe2be32f2c89b711244a9f370d640114cae7d3d2104153205703006fffcf
-
SSDEEP
12288:pJIE4VW2o/LW0NHX68XU9sUX9T8+3M2UBvSwo9nKeK3wzuM/5Tdi77X9Z4YuL4:pSy/S0NPK1CWMTxkKeKAbdEX9Z4YuL4
Static task
static1
Behavioral task
behavioral1
Sample
c1e539ef1d5ae993fa4c9058f4e2e6caf14e61226b349b191cdfa37e65b710a5.exe
Resource
win7-20221111-en
Malware Config
Extracted
Family
darkcomet
-
Campaign ID (SID)
Love
-
C2
pet105.no-ip.biz:100
-
Mutex
DC_MUTEX-TNT8SFG
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
JJbwi9MArQ9S
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
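How a sandbox arrives at the fields above: DarkComet 5.x stores its configuration as an RC4-encrypted blob whose plaintext is a set of KEY={VALUE} lines, one builder key per line. The following is an added example written for this page, not the sandbox's own extractor. The RC4 keys per version and the builder key names (MUTEX, SID, NETDATA, GENCODE, INSTALL, EDTPATH, KEYNAME, PERSINST, OFFLINEK) follow public DarkComet config decoders; the assumption that the blob arrives hex-encoded, the mapping of builder keys onto the report's labels, and the sample blob itself (constructed from the values in this report, re-encrypted with the 5.1 key) are this example's own. Carving the DCDATA resource out of the PE is left out.

```python
# Added example: decrypt and parse a DarkComet 5.x configuration blob.
# Editor-written illustration, not the sandbox's extractor. Assumptions:
# the blob is a hex string of RC4 ciphertext, the plaintext is CRLF-separated
# KEY={VALUE} lines, and the report labels map onto builder keys as below.
import re

# RC4 keys used by the DarkComet builder, per version (from public decoders).
RC4_KEYS = {
    "4.x": b"#KCMDDC4#-890",
    "5.0": b"#KCMDDC5#-890",
    "5.1+": b"#KCMDDC51#-890",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so the same call encrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


CONFIG_LINE = re.compile(rb"^([A-Z0-9]+)=\{(.*)\}$")


def parse_config(plaintext: bytes) -> dict:
    """Turn KEY={VALUE} lines into a dict; ignores anything that does not fit."""
    cfg = {}
    for line in plaintext.split(b"\r\n"):
        m = CONFIG_LINE.match(line.strip())
        if m:
            cfg[m.group(1).decode()] = m.group(2).decode("latin-1")
    return cfg


def decrypt_dcdata(hex_blob: bytes) -> tuple:
    """Try each known key; accept the first whose plaintext has a DC_MUTEX line."""
    ct = bytes.fromhex(hex_blob.decode("ascii"))
    for version, key in RC4_KEYS.items():
        cfg = parse_config(rc4(key, ct))
        if cfg.get("MUTEX", "").startswith("DC_MUTEX-"):
            return version, cfg
    raise ValueError("no known DarkComet key decrypts this blob")


def to_report_fields(cfg: dict) -> dict:
    """Map builder key names onto the labels used in the report (assumed mapping)."""
    return {
        "campaign_id": cfg.get("SID"),
        "c2": cfg.get("NETDATA"),
        "mutex": cfg.get("MUTEX"),
        "install_path": cfg.get("EDTPATH"),
        "gencode": cfg.get("GENCODE"),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "persistence": cfg.get("PERSINST") == "1",
        "reg_key": cfg.get("KEYNAME"),
    }


# Constructed sample: the report's values, laid out as a 5.1 build would
# store them and encrypted with the 5.1 key (RC4 encrypt == decrypt).
SAMPLE_PLAINTEXT = b"\r\n".join([
    b"MUTEX={DC_MUTEX-TNT8SFG}",
    b"SID={Love}",
    b"FWB={0}",
    b"NETDATA={pet105.no-ip.biz:100}",
    b"GENCODE={JJbwi9MArQ9S}",
    b"INSTALL={1}",
    b"EDTPATH={MSDCSC\\msdcsc.exe}",
    b"KEYNAME={MicroUpdate}",
    b"PERSINST={1}",
    b"OFFLINEK={1}",
]) + b"\r\n"
SAMPLE_DCDATA = rc4(RC4_KEYS["5.1+"], SAMPLE_PLAINTEXT).hex().encode()

if __name__ == "__main__":
    version, cfg = decrypt_dcdata(SAMPLE_DCDATA)
    print(f"key version: {version}")
    for k, v in to_report_fields(cfg).items():
        print(f"{k:18} {v}")
```

Trying every known key and accepting only a plaintext that contains a DC_MUTEX- line is the practical check: a wrong key still "decrypts" to bytes, so the version has to be inferred from whether the result parses, not from whether RC4 succeeded.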
Targets
-
Target
c1e539ef1d5ae993fa4c9058f4e2e6caf14e61226b349b191cdfa37e65b710a5
-
Modifies WinLogon for persistence
DarkComet builds with the persistence option enabled append their install path to the Winlogon Userinit value, so the implant is relaunched at every interactive logon even if the Run entry is removed.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
The sample launches vbc.exe (the Visual Basic compiler). Taken together with the SetThreadContext signature below, this matches the RunPE / process-hollowing pattern, so the live DarkComet payload is likely running inside vbc.exe rather than the dropped file; dump that process to recover it.
-
Adds Run key to start application
The reg_key value from the extracted config (MicroUpdate) is the value name DarkComet writes under the Run key, pointing at the install path.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
Rewriting another thread's context is how a process created suspended is pointed at an injected image before it resumes; see the vbc.exe signature above.
-
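The two persistence signatures above (Winlogon modification and the Run key) can be checked on a suspect host from an export of the relevant keys. The following is an added example written for this page, not sandbox tooling: it parses text in the layout that `reg query` prints, flags anything appended to Userinit beyond the stock userinit.exe, and flags Run values whose name matches the config's reg_key or whose data contains the install path. The registry text is constructed; the value name and install path come from the report, while the user profile directory and the OneDrive entry are made up for illustration.

```python
# Added example: triage exported registry values for DarkComet-style
# persistence. Editor-written illustration, not sandbox tooling. Input is
# constructed text in the layout `reg query` prints; the reg_key name and
# install path are the report's, the profile path and OneDrive line are made up.
import re

DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed `reg query`-style output (not a real host export).
SAMPLE_REG_EXPORT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe,
    Shell       REG_SZ    explorer.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    MicroUpdate    REG_SZ    C:\Users\victim\Documents\MSDCSC\msdcsc.exe
    OneDrive       REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text: str) -> dict:
    """Return {key_path: {value_name: data}} from reg query output."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(3).strip()
    return keys


def userinit_extras(keys: dict) -> list:
    """Entries in Winlogon\\Userinit other than the stock userinit.exe.

    The stock value is 'C:\\Windows\\system32\\userinit.exe,' (trailing comma),
    so empty entries are ignored and anything else is reported.
    """
    extras = []
    for path, values in keys.items():
        if not path.lower().endswith(r"\winlogon"):
            continue
        for entry in values.get("Userinit", "").split(","):
            entry = entry.strip()
            if entry and entry.lower() != DEFAULT_USERINIT:
                extras.append(entry)
    return extras


def run_key_hits(keys: dict, reg_key_name: str, install_path: str) -> list:
    """Run values whose name is the config's reg_key or whose data has the install path."""
    hits = []
    for path, values in keys.items():
        if not path.lower().endswith(r"\currentversion\run"):
            continue
        for name, data in values.items():
            if name.lower() == reg_key_name.lower() or install_path.lower() in data.lower():
                hits.append((path, name, data))
    return hits


def triage(text: str, reg_key_name: str = "MicroUpdate",
           install_path: str = r"MSDCSC\msdcsc.exe") -> dict:
    """Run both checks over a reg query export using the report's config values."""
    keys = parse_reg_query(text)
    return {
        "userinit_extras": userinit_extras(keys),
        "run_key_hits": run_key_hits(keys, reg_key_name, install_path),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_REG_EXPORT).items():
        print(check)
        for f in findings:
            print("   ", f)
```

Comparing Userinit entry by entry, rather than against the whole string, is what catches this family: the stock value keeps its trailing comma, and the implant only appends, so a simple equality test against the default would pass on a clean host and fail on both clean hosts with cosmetic differences and infected ones alike.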