General
- Target: ad070f84f0be3f151a00a368b36795ed8a59d4daef83ebd0a32ffce7a6b3f78e
- Size: 482KB
- Sample: 221202-1vyrgscc8v
- MD5: 33d82a7ba4545a1c220fe5eaca758c9c
- SHA1: 1ef9db72bf84b1c5d2a4ea19ae94f15706275927
- SHA256: ad070f84f0be3f151a00a368b36795ed8a59d4daef83ebd0a32ffce7a6b3f78e
- SHA512: c3171b8ec6a0507e58b31300a8f5df5643a4dfa49b0f46ae22eda475d76f82a22ba9b0b477ac1976126571dd845606450e53fc10e5a3a8f500a23eb3ef2240e9
- SSDEEP: 12288:biO58NPU8EOwIk7/1Cy0b9GbGv6J6rB725WqOv7//Kr:T1nOwP/9qGbGv6Je7287G
Static task: static1
Behavioral task: behavioral1
- Sample: ad070f84f0be3f151a00a368b36795ed8a59d4daef83ebd0a32ffce7a6b3f78e.exe
- Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
1
dnlserver392.servemp3.com:88
dnlserver392.servemp3.com:1609
dnlserver392.servemp3.com:1039
dnlserver392.servemp3.com:27892
dnlserver392.servemp3.com:39892
CLE982335NAZ4MN
- InstallPath: MSDCSC\msdcsc.exe
- gencode: fMQfllcSj5tf
- install: true
- offline_keylogger: true
- password: ib2HAc2i832kg
- persistence: true
- reg_key: AdobeFlash
Targets
- Target: ad070f84f0be3f151a00a368b36795ed8a59d4daef83ebd0a32ffce7a6b3f78e
- Size: 482KB
- MD5: 33d82a7ba4545a1c220fe5eaca758c9c
- SHA1: 1ef9db72bf84b1c5d2a4ea19ae94f15706275927
- SHA256: ad070f84f0be3f151a00a368b36795ed8a59d4daef83ebd0a32ffce7a6b3f78e
- SHA512: c3171b8ec6a0507e58b31300a8f5df5643a4dfa49b0f46ae22eda475d76f82a22ba9b0b477ac1976126571dd845606450e53fc10e5a3a8f500a23eb3ef2240e9
- SSDEEP: 12288:biO58NPU8EOwIk7/1Cy0b9GbGv6J6rB725WqOv7//Kr:T1nOwP/9qGbGv6Je7287G
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext