General
Target: d3342dc53f0dc97e9ef23e3194b7818405f9035109449cb41c4308b95759cfab
Size: 9.2MB
Sample: 221203-erzcysdb85
MD5: 027bad6209e6a14b12925d7dde3a92a5
SHA1: a90cab4afdf390b7e64912eff4e667d268083b29
SHA256: d3342dc53f0dc97e9ef23e3194b7818405f9035109449cb41c4308b95759cfab
SHA512: 9805cf044f3c2b68e1da0ef964059c36b3c697aaf0b1e837dbf78119841d3de6cc99c7cb1f6e24ba4259aeaeadef57760528cca4d14129967b5a5d6159ade5e1
SSDEEP: 24576:Hcosz6bWEhq8Ne5aDpFuufrbtGy92BMqERDQcsp+cPOFZISxqBpcuebmts0+Yo7R:
Static task: static1
Behavioral task: behavioral1
  Sample: d3342dc53f0dc97e9ef23e3194b7818405f9035109449cb41c4308b95759cfab.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: d3342dc53f0dc97e9ef23e3194b7818405f9035109449cb41c4308b95759cfab.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet ID: Guest16_min
C2: 127.0.0.1:1604 (loopback address)
Mutex: DCMIN_MUTEX-20T798N
InstallPath: DCSCMIN\IMDCSC.exe
gencode: AcsVyDXdjgBf
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: d3342dc53f0dc97e9ef23e3194b7818405f9035109449cb41c4308b95759cfab
Size: 9.2MB
MD5: 027bad6209e6a14b12925d7dde3a92a5
SHA1: a90cab4afdf390b7e64912eff4e667d268083b29
SHA256: d3342dc53f0dc97e9ef23e3194b7818405f9035109449cb41c4308b95759cfab
SHA512: 9805cf044f3c2b68e1da0ef964059c36b3c697aaf0b1e837dbf78119841d3de6cc99c7cb1f6e24ba4259aeaeadef57760528cca4d14129967b5a5d6159ade5e1
SSDEEP: 24576:Hcosz6bWEhq8Ne5aDpFuufrbtGy92BMqERDQcsp+cPOFZISxqBpcuebmts0+Yo7R:
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext