General
-
Target
aee9537368f0783e23baf4f027b85b1a0d511afc8a061b0e561cc5c0c0de3fd8
-
Size
1.0MB
-
Sample
221203-srgpssfe9x
-
MD5
c5c9a0332222e43d9573cc9c70c34355
-
SHA1
4db65d1c88c123806aba5f4d6889bf4bfa25cca9
-
SHA256
aee9537368f0783e23baf4f027b85b1a0d511afc8a061b0e561cc5c0c0de3fd8
-
SHA512
b18dc4b1fd763a0940ee48ebe3f17e88de23177b05429850d2d29288223d9466c42c163ab9b1c0ad431024b6b6a7cfa46790d8cce67a92a3d289d5f5de097498
-
SSDEEP
12288:C2wr5i38VeUbBG7QUDcMBqD3cwkz7RZ/vCgC430iPigX5QOfenwa0bR+/UFQhf7c:V3kPOcEqDw3I4BTewauR/F8f9C14E
Static task
static1
Behavioral task
behavioral1
Sample
aee9537368f0783e23baf4f027b85b1a0d511afc8a061b0e561cc5c0c0de3fd8.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Victima
mala-87.no-ip.org:1604
DC_MUTEX-WFM1HME
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
1H10Q6SrzhVj
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
aee9537368f0783e23baf4f027b85b1a0d511afc8a061b0e561cc5c0c0de3fd8
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-