General

Target: a92da5f4be8e9765ace3961ffc07677f0645589dade7fa271a2dc453f751cb68
Size: 1.3MB
Sample: 221129-qwfxysga9y
MD5: 5818b9c7e1e4f408f28f5a6c6d0a7565
SHA1: b18ddaf0338af454365b5acd9d5d3ac7a6a890e0
SHA256: a92da5f4be8e9765ace3961ffc07677f0645589dade7fa271a2dc453f751cb68
SHA512: 9fbc0219849c3735c35972cb323a393341f2691913676bf1d01159579fe28198db310b6738113550874e14b8c43b050d633c63b34c0a4e1f00fbe53ba4beb057
SSDEEP: 24576:UJE8PA1dmGeDye5Dt3c2kFOoJU8PaTRFmYvQ49sMZ5D34zvXjycTZPVP6:qtPA8f+e5DpAc6wfmYvXZ5cjZPVP6
Static task: static1

Behavioral task: behavioral1
Sample: a92da5f4be8e9765ace3961ffc07677f0645589dade7fa271a2dc453f751cb68.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: a92da5f4be8e9765ace3961ffc07677f0645589dade7fa271a2dc453f751cb68.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted

Family: darkcomet
Botnet: THENTHACKER
C2: thenthacker.no-ip.org:1604
Mutex: DC_MUTEX-WPNYUQ7

Attributes:
- InstallPath: MSDCSC\msdcsc.exe
- gencode: 92Uc0EZwdkTP
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets

Target: a92da5f4be8e9765ace3961ffc07677f0645589dade7fa271a2dc453f751cb68
Size: 1.3MB
MD5: 5818b9c7e1e4f408f28f5a6c6d0a7565
SHA1: b18ddaf0338af454365b5acd9d5d3ac7a6a890e0
SHA256: a92da5f4be8e9765ace3961ffc07677f0645589dade7fa271a2dc453f751cb68
SHA512: 9fbc0219849c3735c35972cb323a393341f2691913676bf1d01159579fe28198db310b6738113550874e14b8c43b050d633c63b34c0a4e1f00fbe53ba4beb057
SSDEEP: 24576:UJE8PA1dmGeDye5Dt3c2kFOoJU8PaTRFmYvQ49sMZ5D34zvXjycTZPVP6:qtPA8f+e5DpAc6wfmYvXZ5cjZPVP6

Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory