General
- Target: c6821131539c018d83a39e9524d869cd8ed204741d1cba8322daf4bd12a0350a
- Size: 826KB
- Sample: 221130-e8pj3sbe2w
- MD5: 794ffbba826644ebaba383ce35ff6e4f
- SHA1: 7103bddea0d9ed714c87cd4f2fcbe27fdb2c7073
- SHA256: c6821131539c018d83a39e9524d869cd8ed204741d1cba8322daf4bd12a0350a
- SHA512: 6eb675ea4667d740d1c0735662a31991ceee7475147e6acd625d50829ac3aadec6a6ee98368ab290fe64ba20c02920470eeae8ec8ad2045174f217cd8bdfc4fe
- SSDEEP: 12288:ZuoHPyzPHlRPoR/dnMMrmZOx8UAyDi0AaqUDMp9fUWuCQbhOmzXhWzqPxgJdnI/q:9yzP6dMMS4xF5KU8Crwmzne3nuTax
Static task: static1
Behavioral task: behavioral1
- Sample: c6821131539c018d83a39e9524d869cd8ed204741d1cba8322daf4bd12a0350a.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Botnet (campaign ID): hacker
- C2: vrnl.no-ip.org:1604
- Mutex: DC_MUTEX-X7L1TR6
Attributes
- InstallPath: MSDCSC\msdcsc.exe (relative path of the dropped copy, as reported)
- gencode: Pr1EvmBuofnm
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate (name of the Run value used for autostart)
Targets
- Target: c6821131539c018d83a39e9524d869cd8ed204741d1cba8322daf4bd12a0350a
- Size: 826KB
- MD5: 794ffbba826644ebaba383ce35ff6e4f
- SHA1: 7103bddea0d9ed714c87cd4f2fcbe27fdb2c7073
- SHA256: c6821131539c018d83a39e9524d869cd8ed204741d1cba8322daf4bd12a0350a
- SHA512: 6eb675ea4667d740d1c0735662a31991ceee7475147e6acd625d50829ac3aadec6a6ee98368ab290fe64ba20c02920470eeae8ec8ad2045174f217cd8bdfc4fe
- SSDEEP: 12288:ZuoHPyzPHlRPoR/dnMMrmZOx8UAyDi0AaqUDMp9fUWuCQbhOmzXhWzqPxgJdnI/q:9yzP6dMMS4xF5KU8Crwmzne3nuTax
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely used for geofencing.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
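As an added example (not part of the sandbox report or of any vendor's tooling), the following Python turns the extracted DarkComet config and the signature list above into host-side detection logic and runs it over constructed Sysmon-style telemetry. The C2 host and port, mutex, relative install path and Run value name are taken from the report; the full install path under Documents, the event field names, the mutex event itself (Sysmon does not log mutex creation; a sandbox or EDR hook would) and the assumption that other DarkComet builds use a DC_MUTEX- prefix with a 7-character suffix are assumptions made for the example.

```python
import re

# IOCs copied from the report's extracted config (Malware Config section).
DARKCOMET_IOCS = {
    "c2_host": "vrnl.no-ip.org",
    "c2_port": 1604,
    "mutex": "DC_MUTEX-X7L1TR6",
    "install_path": r"MSDCSC\msdcsc.exe",   # relative path exactly as reported
    "run_value": "MicroUpdate",             # reg_key: name of the Run value
}

# Config-independent locations where the reported persistence lands.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I)
# Assumption: other builds keep the DC_MUTEX- prefix and a 7-char suffix
# like this report's DC_MUTEX-X7L1TR6.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")


def match_event(evt, iocs=DARKCOMET_IOCS):
    """Return the detection names fired by one event dict (empty list if none)."""
    hits = []
    kind = evt["type"]
    if kind == "registry_set":
        m = RUN_KEY_RE.search(evt["target"])
        if m:
            # Exact Run value name from the config (reg_key).
            if m.group(1).lower() == iocs["run_value"].lower():
                hits.append("darkcomet.run_key.reg_key_name")
            # Run value whose data points at the reported install path.
            if iocs["install_path"].lower() in evt.get("details", "").lower():
                hits.append("darkcomet.run_key.install_path")
        if WINLOGON_RE.search(evt["target"]):
            hits.append("persistence.winlogon_userinit_or_shell")
    elif kind == "file_create":
        if evt["path"].lower().endswith(iocs["install_path"].lower()):
            hits.append("darkcomet.dropped_install_path")
    elif kind == "dns_query":
        if evt["query"].lower().rstrip(".") == iocs["c2_host"]:
            hits.append("darkcomet.c2_dns")
    elif kind == "net_connect":
        if (evt.get("dst_host", "").lower() == iocs["c2_host"]
                and evt["dst_port"] == iocs["c2_port"]):
            hits.append("darkcomet.c2_connect")
    elif kind == "mutex_create":
        if evt["name"] == iocs["mutex"]:
            hits.append("darkcomet.mutex.this_build")
        elif DC_MUTEX_RE.match(evt["name"]):
            hits.append("darkcomet.mutex.family_pattern")
    return hits


def scan(events, iocs=DARKCOMET_IOCS):
    """Run match_event over a list of events; return {detection: [event indexes]}."""
    findings = {}
    for i, evt in enumerate(events):
        for name in match_event(evt, iocs):
            findings.setdefault(name, []).append(i)
    return findings


# Constructed sample telemetry (not from the report): what a Sysmon-style
# sensor plus a sandbox/EDR mutex hook might emit if this build ran.
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Users\victim\sample.exe",
     "path": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "details": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "target": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "details": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "mutex_create", "name": "DC_MUTEX-X7L1TR6"},
    {"type": "mutex_create", "name": "DC_MUTEX-ABC1234"},  # another build, same family
    {"type": "dns_query", "query": "vrnl.no-ip.org"},
    {"type": "net_connect", "dst_host": "vrnl.no-ip.org", "dst_port": 1604},
    {"type": "registry_set",  # benign Run entry: must not fire
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for name, idxs in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{name}: events {idxs}")
```

The config-specific checks (Run value name, install path, exact mutex, C2 host and port) are only as good as this build: a re-packed server with a fresh gencode or mutex will miss them, which is why the family-level checks (DC_MUTEX- shape, Winlogon Userinit/Shell changes, any Run value pointing into a freshly dropped directory) are worth keeping alongside them.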