General

Target: ddd438b3624a3d8f500669f5f8da3d2688229e535065ffe661c5614f7685d3d7
Size: 757KB
Sample: 230130-e2t6zsaf4s
MD5: 191022f31c9f8d537d9ec88fd262bc50
SHA1: de7c4e9263b16c64c47cae98818d2eb0fb34c548
SHA256: ddd438b3624a3d8f500669f5f8da3d2688229e535065ffe661c5614f7685d3d7
SHA512: 58e855093be008e5b3113b02a27faf8395d01168b40a12b85438ed7fc2f19321f35695dfda63ef291b3aef63c76a45d7a4cdfa0a3b7c424a4c4a7dca5ee6397e
SSDEEP: 12288:99HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:XZ1xuVVjfFoynPaVBUR8f+kN10EB5
Behavioral task: behavioral1

Sample: ddd438b3624a3d8f500669f5f8da3d2688229e535065ffe661c5614f7685d3d7.exe
Resource: win7-20220812-en
Malware Config

Extracted family: darkcomet
Botnet: Sazan
C2: crayzlove.no-ip.org:1604
Mutex: DC_MUTEX-YLDY4TJ
InstallPath: MSDCSC\msdcsc.exe
gencode: nZmHWoAc1fhT
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: ddd438b3624a3d8f500669f5f8da3d2688229e535065ffe661c5614f7685d3d7
Size: 757KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext