General
Target: 24c1639572bc578e73fb540049f85965d7507193295d92f76182a74f1159cb86
Size: 902KB
Sample: 221130-nv7ceaag5x
MD5: 24f9560078b41421ef6e7b578e11707d
SHA1: 9538044dde6f01d845ed85f2aba2d6c5dba4ed84
SHA256: 24c1639572bc578e73fb540049f85965d7507193295d92f76182a74f1159cb86
SHA512: d16e5473c101b5753e329b952acc84c3c6a0a61444e1a584b91e4966edf0f736bee7b34e096a19ae77be5de131da564a0295199156d088cf99bc6dff57caa63d
SSDEEP: 24576:LAz5yV99MCTKMQtCypy9IvmAro8+Ehds7ULh6kR:MIEXpIchds7ULhL
Behavioral task: behavioral1
Sample: 24c1639572bc578e73fb540049f85965d7507193295d92f76182a74f1159cb86.exe
Resource: win7-20221111-en
Malware Config
Extracted
darkcomet
Guest16
nizamcik.zapto.org:1604
DC_MUTEX-11C9ZRU
InstallPath: MSDCSC\msdcsc.exe
gencode: dmLlC7W9J569
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application