General

Target: 601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
Size: 375KB
Sample: 221130-3z21taga85
MD5: 657b79ef025b2ed1c70fb8aefeda1df6
SHA1: ceb60d07ae73c6cbb9de4b0e7185aaae763d5b7c
SHA256: 601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
SHA512: 0bd736e0510ea4daab6394f9e445d2fc9f5f49aca1be3381968f725c84e8702228b9b08dbd49780f307d020cf845e12d47c6a51c778917c6c5e25bb5a666a91e
SSDEEP: 6144:5BQte3EQXklI4BtF37lR7+8PXX6agEtzJvK1+7W8OuUGgBU0Z2iw:5BQteFXmDtF3pR7PX6aFtzr7NOu4vov
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1.exe
Resource: win7-20220812-en
Malware Config

Extracted family: darkcomet
Server ID (campaign): victem
C2: nothanks.no-ip.org:1604
Mutex: DC_MUTEX-B5AZ2X3
InstallPath: MSDCSC\msdcsc.exe
gencode: XDbFNVHYNmmR
install: true
offline_keylogger: true
password: 123
persistence: false
reg_key: MicroUpdate

Notes on the config: the C2 is a No-IP dynamic DNS name, so the address it resolves to will change over time; hunt and block on the hostname and port 1604 rather than on whatever IP the sandbox saw. The `password` value is the DarkComet network password from which the RC4 key for the C2 channel is derived, so captured traffic for this build can be decrypted with it. `persistence: false` only disables DarkComet's own file-restoration option; the Run value named by `reg_key` (MicroUpdate) and the Winlogon modification recorded in the signatures are what keep the implant running across logons.
Targets

Target: 601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
Size: 375KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in General above.)

Signatures

- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

A note on the last item: SetThreadContext on a thread in another process is the usual final step of process hollowing (write the payload into a suspended process, then redirect its entry point), so if the dropped EXE spawns a child, the memory of that child is the artefact worth dumping, not only the file on disk.
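The extracted config and the behavioral signatures above together give an analyst a concrete set of observables. The following is an added example (not part of the report or of any Triage tooling) that turns that config into host and network IOCs and matches them against endpoint telemetry. The event records are constructed for the example and loosely follow Sysmon field names; the HKCU Run hive, the Documents\MSDCSC install location and the Winlogon Userinit value are assumptions, so confirm them against the report's own registry events before turning this into a production rule.

```python
"""Derive IOCs from the DarkComet config on this page and hunt for them
in endpoint telemetry.  Added example; events below are constructed."""
import re
from typing import Dict, List, Tuple

# Values copied from the "Malware Config" section of this report.
DARKCOMET_CONFIG = {
    "campaign_id": "victem",
    "c2": "nothanks.no-ip.org:1604",
    "mutex": "DC_MUTEX-B5AZ2X3",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}


def build_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Normalise the config into the observables to pivot on."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),      # dynamic DNS: match the name, not the IP
        "c2_port": int(port),
        "mutex": cfg["mutex"],        # mutex names are case-sensitive
        "install_path": cfg["install_path"].lower(),
        "run_value": cfg["reg_key"].lower(),
    }


# Registry paths of interest: a value directly under ...\CurrentVersion\Run,
# and anything under the Winlogon key (Userinit/Shell hijacks).
RUN_VALUE_RE = re.compile(r"\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\CurrentVersion\\Winlogon\\", re.IGNORECASE)


def classify(event: Dict[str, str], iocs: Dict[str, object]) -> List[str]:
    """Return the labels an event matches against the IOC set."""
    hits: List[str] = []
    kind = event["kind"]
    if kind == "registry_set":
        m = RUN_VALUE_RE.search(event["target"])
        if m and m.group(1).lower() == iocs["run_value"]:
            hits.append("run_key_persistence")
        if (WINLOGON_RE.search(event["target"])
                and iocs["install_path"] in event.get("data", "").lower()):
            hits.append("winlogon_persistence")
    elif kind == "process_create":
        if event["image"].lower().endswith(iocs["install_path"]):
            hits.append("dropped_exe_executed")
    elif kind == "mutex_create":
        if event["name"] == iocs["mutex"]:
            hits.append("darkcomet_mutex")
    elif kind == "dns_query":
        if event["query"].lower().rstrip(".") == iocs["c2_host"]:
            hits.append("c2_dns")
    elif kind == "network_connect":
        if (event["dest"].lower() == iocs["c2_host"]
                and int(event["port"]) == iocs["c2_port"]):
            hits.append("c2_connect")
    return hits


def hunt(events: List[Dict[str, str]], iocs: Dict[str, object]) -> List[Tuple[int, str]]:
    """Run every event through classify() and collect (index, label) hits."""
    return [(i, label) for i, ev in enumerate(events) for label in classify(ev, iocs)]


# Constructed telemetry, not from the sandbox run.  Install location,
# Run hive and Userinit value are assumptions for the example.
SAMPLE_EVENTS = [
    {"kind": "process_create", "image": r"C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"kind": "mutex_create", "name": "DC_MUTEX-B5AZ2X3"},
    {"kind": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "data": r"C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"kind": "registry_set",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\user\Documents\MSDCSC\msdcsc.exe"},
    {"kind": "dns_query", "query": "nothanks.no-ip.org"},
    {"kind": "network_connect", "dest": "nothanks.no-ip.org", "port": "1604"},
    # Benign noise that must not fire.
    {"kind": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"kind": "process_create", "image": r"C:\Windows\System32\notepad.exe"},
    {"kind": "mutex_create", "name": "dc_mutex-b5az2x3"},   # wrong case, not the mutex
]

if __name__ == "__main__":
    for idx, label in hunt(SAMPLE_EVENTS, build_iocs(DARKCOMET_CONFIG)):
        print(f"event {idx}: {label}")
```

The matcher keys on the artefacts the report actually records (install path, Run value name, Winlogon change, mutex, C2 name and port) rather than on the sample's file hash, since the hash changes with every rebuild of the stub while the DarkComet config fields tend to be reused across a campaign.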