General
- Target: b0dc3dbef3c1ecec8099f9531b9c0b4b913dbc244bfb0a6c399b40c66c81ccc0
- Size: 834KB
- Sample: 221203-cbk5aaha5t
- MD5: 642cc235b6552c524c89441d23053420
- SHA1: 64ea644a56e14d2062f76374176785a45515b9fd
- SHA256: b0dc3dbef3c1ecec8099f9531b9c0b4b913dbc244bfb0a6c399b40c66c81ccc0
- SHA512: 1ade8c82a148496a47c46dc3567deb20a98d512ead13f5cf533d22ef0fbfbcaf2c9ad691c95717d956533875ec0f6aafc68764842f00129b1370cd3b25d49883
- SSDEEP: 24576:jG94QklbgNXrs5jkPENZI9k6Ts84PCx7/NBEn:jg4owbZI7cPc7Un
Static task: static1
Behavioral task: behavioral1
- Sample: b0dc3dbef3c1ecec8099f9531b9c0b4b913dbc244bfb0a6c399b40c66c81ccc0.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- Family: darkcomet
- Botnet (campaign ID): Guest2
- C2: myvault.no-ip.info:999
- Mutex: DC_MUTEX-ZCH6G3K
- InstallPath: MSDCSC\msdcsc.exe
- gencode: L8vg77ELMAXt
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: b0dc3dbef3c1ecec8099f9531b9c0b4b913dbc244bfb0a6c399b40c66c81ccc0
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application