General

Target: af5d927c51c528b6aa08c025a4b794b4852516e4c40f369fe7854ed42eae259a
Size: 725KB
Sample: 230130-e2x8mshb29
MD5: 85e635250ad13b49f453a352c31d030b
SHA1: 20be5207ea270f8df64ca658ffebb8f538980b58
SHA256: af5d927c51c528b6aa08c025a4b794b4852516e4c40f369fe7854ed42eae259a
SHA512: d43bdd85b10b4c1111535b81d97893e76c41d07587db3aa2158dc592c379c21a57e990f8121fcd2bfaa9f0cef84ae5bd67ade07f9b43be0ef24daedbee5de56f
SSDEEP: 12288:U9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hE7x1:YZ1xuVVjfFoynPaVBUR8f+kN10EBGd1
Behavioral task

behavioral1
Sample: af5d927c51c528b6aa08c025a4b794b4852516e4c40f369fe7854ed42eae259a.exe
Resource: win7-20221111-en
Malware Config

Extracted family: darkcomet
Botnet ID: Slave
C2: bonke.no-ip.org:1604
C2: asylumisathug.zapto.org:1604
Mutex: DC_MUTEX-Y98TTWR
InstallPath: MSDCSC\msdcsc.exe
gencode: U98ByHPaUCXn
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

Both C2 hosts are dynamic-DNS names on the same port (1604, the DarkComet default), so the domains and the port are the network indicators to watch; the InstallPath is relative to the directory the RAT drops into, and reg_key is the value name it writes for autostart.
Targets

Target: af5d927c51c528b6aa08c025a4b794b4852516e4c40f369fe7854ed42eae259a (size and hashes as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Loads dropped DLL
- Adds Run key to start application
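The extracted config and the signature list above translate directly into host-side detection logic. The following is an added example (not part of the sandbox report) that matches constructed Sysmon-style telemetry records against this sample's indicators: the two C2 hosts and port, the mutex, the MSDCSC\msdcsc.exe install path and the MicroUpdate Run value. The exact registry locations used for the Winlogon, Task Manager and geo-location signatures, the victim profile path, and the function names classify/scan/verdict are assumptions; the report names the behaviours, not the keys.

```python
"""Host-side IOC check for the DarkComet config in this report.

Added example, not part of the sandbox report. Events are constructed
records in the shape of Sysmon-style telemetry; the registry locations
used for the Winlogon, Task Manager and geo-location signatures are
assumptions (the report names the behaviours, not the exact keys).
"""
import re

# Indicators copied from the extracted config and signature list above.
C2_HOSTS = {"bonke.no-ip.org", "asylumisathug.zapto.org"}
C2_PORT = 1604
MUTEX = "DC_MUTEX-Y98TTWR"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"   # relative; dropped under a per-user dir
RUN_VALUE = "MicroUpdate"             # reg_key: the Run value name

# Assumed key paths (not stated in the report) for the flagged behaviours.
RUN_KEY_RE = re.compile(
    r"\\CurrentVersion\\Run\\" + re.escape(RUN_VALUE) + r"$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE)
TASKMGR_RE = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.IGNORECASE)
GEO_RE = re.compile(r"\\International\\Geo\\Nation$", re.IGNORECASE)


def classify(event):
    """Return the signature names one event matches (empty list if none)."""
    hits = []
    kind = event.get("type")
    key = event.get("key", "")
    data = str(event.get("data", "")).lower()
    if kind == "registry_set":
        if RUN_KEY_RE.search(key):
            hits.append("Adds Run key to start application")
        if WINLOGON_RE.search(key) and INSTALL_PATH.lower() in data:
            hits.append("Modifies WinLogon for persistence")
        if TASKMGR_RE.search(key) and data.strip() == "1":
            hits.append("Disables Task Manager via registry modification")
    elif kind == "registry_read" and GEO_RE.search(key):
        hits.append("Checks computer location settings")
    elif kind == "process_create":
        if event.get("image", "").lower().endswith(INSTALL_PATH.lower()):
            hits.append("Executes dropped EXE")
    elif kind == "mutex_create" and event.get("name") == MUTEX:
        hits.append("DarkComet mutex")
    elif kind == "dns_query":
        # Normalise case and a trailing dot before comparing against the C2 list.
        if event.get("query", "").lower().rstrip(".") in C2_HOSTS:
            hits.append("DarkComet C2 domain")
    elif kind == "network_connect":
        if event.get("port") == C2_PORT and event.get("host", "").lower() in C2_HOSTS:
            hits.append("DarkComet C2 connection")
    return hits


def scan(events):
    """Map every event to its hits: list of (event index, signature)."""
    return [(i, h) for i, e in enumerate(events) for h in classify(e)]


def verdict(events):
    """Set of distinct signatures seen across a whole event stream."""
    return {h for _, h in scan(events)}


# Constructed telemetry: events 0-7 replay the reported behaviour, 8-9 are benign.
DROP = r"C:\Users\victim\AppData\Roaming\MSDCSC\msdcsc.exe"   # assumed drop location
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "data": DROP},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe," + DROP},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "data": 1},
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process_create", "image": DROP},
    {"type": "mutex_create", "name": "DC_MUTEX-Y98TTWR"},
    {"type": "dns_query", "query": "bonke.no-ip.org"},
    {"type": "network_connect", "host": "asylumisathug.zapto.org", "port": 1604},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "network_connect", "host": "example.com", "port": 443},
]

if __name__ == "__main__":
    for i, sig in scan(SAMPLE_EVENTS):
        print(f"event {i}: {sig}")
```

The Winlogon and Task Manager checks require the value data to contain the DarkComet drop path or the disabling flag, not just the key being touched, which keeps ordinary software that writes those keys from firing; the Run-value check matches on the name alone because MicroUpdate is the sample-specific value this config writes.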