General
- Target: 7b612d5842f567a1f48d3994db325993e7551b2170f547ddaf8db1bb8aef2dec
- Size: 428KB
- Sample: 221130-3fhg3ahf8x
- MD5: 5255f0443a1034f215036577803a6919
- SHA1: c0b1ff889b5ac20c5970fc38bf558fbf794da784
- SHA256: 7b612d5842f567a1f48d3994db325993e7551b2170f547ddaf8db1bb8aef2dec
- SHA512: 74dcdc32b5cb1aee8a49ed9d6891e8d36007e0102a524e2a229cef3383e9d19f7e60306a8a928114d7b646bb603d0291478e3c70a13d86d01898606566ff65a7
- SSDEEP: 12288:kequUe6T7H0CEVnCelBDGPVys+6dGVLoW:keQT7VuCelBid++GVLB
Static task: static1
Behavioral task: behavioral1
- Sample: 7b612d5842f567a1f48d3994db325993e7551b2170f547ddaf8db1bb8aef2dec.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: haker
- C2: ayada.zapto.org:1355
- Mutex: DC_MUTEX-Q865W5H
- InstallPath: MSDCSC\msdcsc.exe
- gencode: geVV3tzoYfD5
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: ����������.b
Targets
- Target: 7b612d5842f567a1f48d3994db325993e7551b2170f547ddaf8db1bb8aef2dec
- Size: 428KB
- MD5: 5255f0443a1034f215036577803a6919
- SHA1: c0b1ff889b5ac20c5970fc38bf558fbf794da784
- SHA256: 7b612d5842f567a1f48d3994db325993e7551b2170f547ddaf8db1bb8aef2dec
- SHA512: 74dcdc32b5cb1aee8a49ed9d6891e8d36007e0102a524e2a229cef3383e9d19f7e60306a8a928114d7b646bb603d0291478e3c70a13d86d01898606566ff65a7
- SSDEEP: 12288:kequUe6T7H0CEVnCelBDGPVys+6dGVLoW:keQT7VuCelBid++GVLB
- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext