General
Target: af9146f225f350d3402e58953b7d4369433116ff31b17d28e5511974b02bfdd9
Size: 1.3MB
Sample: 221129-r1s9hshe24
MD5: c6720fcfce7acab8abe51da2d5ccc33e
SHA1: c5ba36ed4280624828ad6725f1b96f8ea99c095b
SHA256: af9146f225f350d3402e58953b7d4369433116ff31b17d28e5511974b02bfdd9
SHA512: 13c24acfd4240f1ab1220d410d58000f6ce7be1da1a66bc6e8713567982c5b64ffc54f41058c6a049850c48bdbebf4bbc3219af8aa594b092e188b522905366b
SSDEEP: 24576:Ob90u0wwuFQZfpcYRzCL8VlJuxHQ6YqJiJ4Sa6N1vvKht4Wji3GaHJsH:xwwiOBzJmYqJI4SaOa6GaHyH
Static task: static1
Behavioral task: behavioral1
Sample: af9146f225f350d3402e58953b7d4369433116ff31b17d28e5511974b02bfdd9.exe
Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
test1
lloveely58.no-ip.org:1604
DCMIN_MUTEX-4JYWM6T
InstallPath: DCSCMIN\IMDCSC.exe
gencode: LeCN6wAZ8J8N
install: true
offline_keylogger: true
persistence: false
reg_key: D
Targets
Target: af9146f225f350d3402e58953b7d4369433116ff31b17d28e5511974b02bfdd9
Size: 1.3MB
MD5: c6720fcfce7acab8abe51da2d5ccc33e
SHA1: c5ba36ed4280624828ad6725f1b96f8ea99c095b
SHA256: af9146f225f350d3402e58953b7d4369433116ff31b17d28e5511974b02bfdd9
SHA512: 13c24acfd4240f1ab1220d410d58000f6ce7be1da1a66bc6e8713567982c5b64ffc54f41058c6a049850c48bdbebf4bbc3219af8aa594b092e188b522905366b
SSDEEP: 24576:Ob90u0wwuFQZfpcYRzCL8VlJuxHQ6YqJiJ4Sa6N1vvKht4Wji3GaHJsH:xwwiOBzJmYqJI4SaOa6GaHyH

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Adds Run key to start application
- Suspicious use of SetThreadContext