General

Target: 53378d1cdf29ba3d6281f32d4a787402c750cb60b207565a74f426922a451ccd
Size: 2.5MB
Sample: 230129-ve5xzaec76
MD5: b85bd40c70b5913df16cac41feae9949
SHA1: 88139dbe95928614ab375ef0e3257a925dff0bb7
SHA256: 53378d1cdf29ba3d6281f32d4a787402c750cb60b207565a74f426922a451ccd
SHA512: 4c57449a1afe32959c5b9760ad065392e4e0b29f3f2323202b4649393a764b71dff03af9aa02a7154f0c24e1855b97eb1b32994aa2b692f0844bd29a1d63535d
SSDEEP: 49152:7JZoQrbTFZY1iaJag33A46NOBLtCaW/sXdkWQe9D+nwOWYcu2I7RTp/PwWUlLmY6:7trbTA19as3l8OBL+I7D+nwcP3tY6
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 53378d1cdf29ba3d6281f32d4a787402c750cb60b207565a74f426922a451ccd.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: darkcomet
Botnet (campaign ID): Victime
C2: shytoos.ddns.net:1604
Mutex: DC_MUTEX-Z8X4H3R

Attributes
InstallPath: MSDCSC\msdcsc.exe
gencode: JJ52hfcLdTnD
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets

Target: 53378d1cdf29ba3d6281f32d4a787402c750cb60b207565a74f426922a451ccd
Signatures

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext (commonly associated with process hollowing or thread hijacking)
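The extracted configuration and the behavioural signatures above give a practitioner a concrete set of host and network indicators to hunt for: the install path MSDCSC\msdcsc.exe, the Run key value name MicroUpdate, a Winlogon modification, the mutex DC_MUTEX-Z8X4H3R, and the C2 shytoos.ddns.net:1604. The following matcher is an added example (it is not part of the sandbox report and not the sandbox's own signature logic). The indicator constants are copied from the report; the event records, their field names and the IP addresses in them are constructed for illustration and are loosely modelled on Sysmon process, registry, DNS and network events. A DNS answer for the C2 host is remembered so that a later connect to that address on port 1604 can be tagged; port 1604 by itself is deliberately not treated as an indicator.

```python
"""Matcher for the DarkComet indicators in this sandbox report.

Added example, not part of the report. Indicator constants are copied from
the report; SAMPLE_EVENTS and the event schema are CONSTRUCTED for
illustration and are not telemetry from any real host.
"""
import re

# Indicators copied from the report (config + target hash)
C2_HOST = "shytoos.ddns.net"
C2_PORT = 1604
MUTEX = "DC_MUTEX-Z8X4H3R"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"
RUN_KEY_NAME = "MicroUpdate"
SAMPLE_SHA256 = "53378d1cdf29ba3d6281f32d4a787402c750cb60b207565a74f426922a451ccd"

# Registry locations the report's signatures point at (Run key, Winlogon)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
    + re.escape(RUN_KEY_NAME) + r"$",
    re.IGNORECASE,
)
WINLOGON_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$",
    re.IGNORECASE,
)


def scan(events):
    """Return [(event_index, [tags])] for every event matching an indicator.

    Events are dicts with an "event" type plus type-specific fields
    (constructed schema). Answers to a DNS query for the C2 host are kept
    so that a later connect to one of them on C2_PORT is tagged; a bare
    connect to port 1604 is ignored because the port alone is too weak.
    """
    c2_ips = set()
    findings = []
    for idx, ev in enumerate(events):
        tags = []
        kind = ev.get("event")
        if kind == "process_create":
            if ev.get("image", "").lower().endswith(INSTALL_PATH.lower()):
                tags.append("install_path")
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                tags.append("known_sample_hash")
        elif kind == "registry_set":
            key = ev.get("key", "")
            if RUN_KEY_RE.search(key):
                tags.append("run_key")
            elif WINLOGON_RE.search(key):
                tags.append("winlogon")
        elif kind == "dns_query":
            if ev.get("query", "").lower().rstrip(".") == C2_HOST:
                tags.append("c2_dns")
                c2_ips.update(ev.get("answers", []))
        elif kind == "network_connect":
            if ev.get("dst_ip") in c2_ips and ev.get("dst_port") == C2_PORT:
                tags.append("c2_connect")
        elif kind == "mutex_create":
            name = ev.get("name", "")
            if name == MUTEX:
                tags.append("mutex_exact")
            elif name.startswith("DC_MUTEX-"):
                tags.append("mutex_family")  # other DarkComet builds share this prefix
        if tags:
            findings.append((idx, tags))
    return findings


# Constructed telemetry: a mix of benign noise and this sample's indicators.
# Paths, key names other than MicroUpdate, and IPs (TEST-NET ranges) are made up.
SAMPLE_EVENTS = [
    {"event": "process_create", "image": r"C:\Windows\System32\svchost.exe"},
    {"event": "process_create",
     "image": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
     "sha256": SAMPLE_SHA256},
    {"event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate"},
    {"event": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"},
    {"event": "dns_query", "query": "shytoos.ddns.net", "answers": ["203.0.113.7"]},
    {"event": "network_connect", "dst_ip": "203.0.113.7", "dst_port": 1604},
    {"event": "network_connect", "dst_ip": "198.51.100.9", "dst_port": 1604},
    {"event": "mutex_create", "name": "DC_MUTEX-Z8X4H3R"},
]

if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(tags)}")
```

The exact mutex and the sample hash identify this build; the DC_MUTEX- prefix, the MSDCSC\msdcsc.exe install path and a Run value named MicroUpdate are DarkComet defaults that will also match other builds, so treat those as family-level indicators rather than proof of this specific sample.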