General
Target: 7fb37de5b0d3a10bd5f0c4667421419d5948c422f89116a474250ecadec9ebcb
Size: 663KB
Sample: 221129-rh8aqafg65
MD5: 742b9cfbf6a1a647fff63a68db09ae9a
SHA1: 401898c521fa87c5390fe84a420ad051b5f00e2e
SHA256: 7fb37de5b0d3a10bd5f0c4667421419d5948c422f89116a474250ecadec9ebcb
SHA512: b20264cab69a080fbee3e117b7978c8e398b3ac898ab8a578dcfbda896148b334cdaa4244ee34064e3a38727556b04a17fa285c50fe344d6fe88ca92681d7e21
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hu:+Z1xuVVjfFoynPaVBUR8f+kN10EBE
Behavioral task: behavioral1
Sample: 7fb37de5b0d3a10bd5f0c4667421419d5948c422f89116a474250ecadec9ebcb.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 7fb37de5b0d3a10bd5f0c4667421419d5948c422f89116a474250ecadec9ebcb.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: darkcomet
Botnet: Guest16
C2: darkcometrshack.zapto.org:1604
Mutex: DC_MUTEX-WY98CUV
InstallPath: MSDCSC\msdcsc.exe
gencode: DSuCzdL0CcY0
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 7fb37de5b0d3a10bd5f0c4667421419d5948c422f89116a474250ecadec9ebcb
Size: 663KB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application