General
- Target: c45da0c02202b27f6aa1b71808c49c4c37e8f55ef476b602c2b2fcfe06c67d48
- Size: 728KB
- Sample: 221203-f89qpahd49
- MD5: e936ee9540a39e6f96544ceb64109d43
- SHA1: 7009a12790c17f814fbd708acf05a7ccc3f46d9f
- SHA256: c45da0c02202b27f6aa1b71808c49c4c37e8f55ef476b602c2b2fcfe06c67d48
- SHA512: a6f69161adafd7b6c83feb60180a63f46b7092802e25251a3326dc7eea9f093c1ae056b225ee206c346bfad60731b3ebb55551b2ba9d3202214fdafd591b7a6d
- SSDEEP: 12288:fQ9HfogpbIAUjLVfp5xyAVgDfT0INc7FcsduLIBjgKmFSKHW8HUaosrK:bgpbFUVfp5vQL/mmw1BjgKToUaosu
Static task: static1
Behavioral task: behavioral1
- Sample: c45da0c02202b27f6aa1b71808c49c4c37e8f55ef476b602c2b2fcfe06c67d48.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- darkcomet
- Guest16
- giox3.no-ip.biz:1993
- DC_MUTEX-6H6WXL4
- InstallPath: MSDCSC\msdcsc.exe
- gencode: XobFUkY25DbB
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: c45da0c02202b27f6aa1b71808c49c4c37e8f55ef476b602c2b2fcfe06c67d48
- Size: 728KB
- MD5: e936ee9540a39e6f96544ceb64109d43
- SHA1: 7009a12790c17f814fbd708acf05a7ccc3f46d9f
- SHA256: c45da0c02202b27f6aa1b71808c49c4c37e8f55ef476b602c2b2fcfe06c67d48
- SHA512: a6f69161adafd7b6c83feb60180a63f46b7092802e25251a3326dc7eea9f093c1ae056b225ee206c346bfad60731b3ebb55551b2ba9d3202214fdafd591b7a6d
- SSDEEP: 12288:fQ9HfogpbIAUjLVfp5xyAVgDfT0INc7FcsduLIBjgKmFSKHW8HUaosrK:bgpbFUVfp5vQL/mmw1BjgKToUaosu

Behaviors
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext