General
- Target: d13ab2e291da1a80654183a7e1c54be3d1912f8f107a17a25211515c1b99d057
- Size: 708KB
- Sample: 221202-sykp2aee61
- MD5: d2a3071a176ca62d14b4dc169108fdbf
- SHA1: ba475fe57f7addee0e4db8fe9d2326b7b7e5b1ba
- SHA256: d13ab2e291da1a80654183a7e1c54be3d1912f8f107a17a25211515c1b99d057
- SHA512: 3709bb62672f70873c621445ed816855e60d584fe6bacfe2bfb120a39932789d4f80527b1fa2e6b3b6ae9e0c6546e87e3a3c7572c7d917d1ad0157cb4334bbc5
- SSDEEP: 12288:upIMcmlZ4KWRcFS+Ohs5XATnEeTyyD7STSkBoTks2KwNzfTE1UC:U0KtvOhs5XAjE8D7STSkBogiwNzrE1UC
Static task: static1
Behavioral task: behavioral1
- Sample: d13ab2e291da1a80654183a7e1c54be3d1912f8f107a17a25211515c1b99d057.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d13ab2e291da1a80654183a7e1c54be3d1912f8f107a17a25211515c1b99d057.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted family: darkcomet
- Guest16_min
- C2 (host:port): ilovetoreatppl.no-ip.info:1655
- Mutex: DCMIN_MUTEX-ZRS2SQ4
- InstallPath: DCSCMIN\IMDCSC.exe
- gencode: 0oyP2P4cHSMw
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: DarkComet RAT
Targets
- Target: d13ab2e291da1a80654183a7e1c54be3d1912f8f107a17a25211515c1b99d057 (708KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext