General
Target: cd6cc0bd759caca3a2b8c828b92b981468cd01211d17cb5ae51436719fdc3a79
Size: 388KB
Sample: 230130-e4cpqahb64
MD5: bc41c3afa15794a513e935f8be52b439
SHA1: 35d0331f8d07693ca0633e72aab11651c57988c0
SHA256: cd6cc0bd759caca3a2b8c828b92b981468cd01211d17cb5ae51436719fdc3a79
SHA512: 4a29bc20d4b6854bdd72a6e2e526d16409964f4d9816e1727d63d4ec18123b0c48a26e34ebe58fc5a0646fb4941e4297dda2d21035106ecc47ba03e338e0561c
SSDEEP: 6144:9n9uJ4oXHig4BQ+pyGlv9ZQ+wjEqhLiLhjY0G2k262rKZvNny1PRJ:9nYbXLQyG99ZQ+shLU9YD26Ep1/

Static task: static1
Behavioral task: behavioral1
Sample: cd6cc0bd759caca3a2b8c828b92b981468cd01211d17cb5ae51436719fdc3a79.exe
Resource: win7-20221111-en
Malware Config
Extracted family: darkcomet
Botnet ID: Guest16
C2: making.no-ip.info:1604
Mutex: DC_MUTEX-LG98A8Z
InstallPath: MSDCSC\msdcsc.exe
gencode: DEdYqFkh8e6g
install: true
offline_keylogger: true
password: 0123456789
persistence: true
reg_key: MicroUpdate
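The extracted fields above come from the builder config that DarkComet 5.x embeds in an RCDATA resource named DCDATA: a single RC4-encrypted, hex-encoded blob whose key is a fixed per-version string ("#KCMDDC51#-890" for 5.1), and whose password field is appended to that same string to form the C2 traffic key. The script below is an added example, not part of the sandbox report or of any DarkComet tooling: it builds a DCDATA-style blob from plaintext mirroring this report's values (constructed here, not the resource of the analysed sample), then decodes it by trying the known version keys and parsing the KEY={VALUE} lines. The KEY names follow 5.x builder output; their mapping onto the report's labels is this script's own.

```python
"""Added example: decode a DarkComet 5.x-style DCDATA config blob.

The ciphertext used here is constructed in this file from plaintext that
mirrors the report's extracted config; it is not the resource from the
analysed sample.
"""
import re

VERSION_KEYS = {  # fixed config RC4 keys by DarkComet version
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
}
FIELD_MAP = {  # DCDATA field name -> label used in this report (script's own mapping)
    "SID": "botnet", "NETDATA": "c2", "MUTEX": "mutex", "EDTPATH": "InstallPath",
    "GENCODE": "gencode", "INSTALL": "install", "OFFLINEK": "offline_keylogger",
    "PWD": "password", "PERSINST": "persistence", "KEYNAME": "reg_key",
}
FLAGS = {"install", "offline_keylogger", "persistence"}  # "1"/"0" fields


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); DarkComet uses it unmodified, so this is symmetric."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed plaintext in the DCDATA KEY={VALUE} layout; values are the ones
# listed in the report above, field names follow DarkComet 5.x builder output.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-LG98A8Z}\r\n"
    "SID={Guest16}\r\n"
    "FWB={0}\r\n"
    "NETDATA={making.no-ip.info:1604}\r\n"
    "GENCODE={DEdYqFkh8e6g}\r\n"
    "INSTALL={1}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "PERSINST={1}\r\n"
    "OFFLINEK={1}\r\n"
    "PWD={0123456789}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
# What a DCDATA resource holding that config looks like: uppercase hex of the RC4 output.
SAMPLE_DCDATA = rc4(VERSION_KEYS["5.1"], SAMPLE_PLAINTEXT.encode()).hex().upper()


def decode_dcdata(hex_blob: str) -> dict:
    """Try each version key; the correct one yields the #BEGIN marker in clear text."""
    data = bytes.fromhex(hex_blob)
    for version, key in VERSION_KEYS.items():
        plain = rc4(key, data).decode("latin-1")  # latin-1 never raises on garbage
        if plain.startswith("#BEGIN DARKCOMET DATA"):
            break
    else:
        raise ValueError("no known DarkComet config key decrypts this blob")
    cfg = {"version": version}
    for name, value in re.findall(r"^([A-Z0-9]+)=\{(.*?)\}\r?$", plain, re.M):
        label = FIELD_MAP.get(name, name.lower())
        cfg[label] = (value == "1") if label in FLAGS else value
    # C2 traffic is RC4 with the version key followed by the configured password
    # (empty in default builds, "0123456789" for this sample).
    cfg["traffic_key"] = (key + cfg.get("password", "").encode()).decode()
    return cfg


if __name__ == "__main__":
    for label, value in decode_dcdata(SAMPLE_DCDATA).items():
        print(f"{label}: {value}")
```

Against a real sample, the hex string would be read from the DCDATA resource with a PE parser and passed to decode_dcdata(); if no version key produces the #BEGIN marker, the build uses a key not in the table and the ValueError is the signal to extend it rather than to trust partial output.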
Targets
Target: cd6cc0bd759caca3a2b8c828b92b981468cd01211d17cb5ae51436719fdc3a79
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
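Two of the signatures above, the Run key and the Winlogon modification, leave registry artifacts that can be tied directly to the extracted config: the Run value name is reg_key (MicroUpdate) and the Winlogon change, as DarkComet does it, appends the install path to the Userinit value. The script below is an added example, not part of the sandbox report or of any detection product: it runs that check over registry value-set events. The events are constructed here in a simplified pipe-separated field=value layout modelled on the Sysmon Event ID 13 fields (TargetObject, Details, Image) and are not output from this run.

```python
"""Added example: flag DarkComet-style persistence in registry value-set events.

Event lines are constructed below (not sandbox output) in a simplified
pipe-separated field=value form modelled on Sysmon Event ID 13 fields.
"""
import re

RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\([^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I)

# Constructed events: two benign, two matching the behaviour in the report.
SAMPLE_EVENTS = [
    "EventID=13|Image=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
    "|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
    "|Details=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background",
    "EventID=13|Image=C:\\Windows\\system32\\svchost.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit"
    "|Details=C:\\Windows\\system32\\userinit.exe,",
    "EventID=13|Image=C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"
    "|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicroUpdate"
    "|Details=C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe",
    "EventID=13|Image=C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit"
    "|Details=C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe",
]


def parse_event(line: str) -> dict:
    """Split one constructed event line into a field dict (values may contain '=')."""
    return dict(field.split("=", 1) for field in line.split("|"))


def check_persistence(events, reg_key="MicroUpdate", install_path="MSDCSC\\msdcsc.exe"):
    """Return (rule, evidence, source) tuples for Run-key and Winlogon persistence.

    reg_key and install_path default to the extracted config of this sample, so
    a Run value with that name, or any Run value pointing at the install path,
    is flagged; Winlogon\\Userinit is flagged when anything besides the default
    userinit.exe is present, Winlogon\\Shell when it is not plain explorer.exe.
    """
    findings = []
    for line in events:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue
        target, details = ev.get("TargetObject", ""), ev.get("Details", "")
        m = RUN_KEY_RE.search(target)
        if m:
            if m.group(2).lower() == reg_key.lower() or install_path.lower() in details.lower():
                findings.append(("run_key", m.group(2), details))
            continue
        m = WINLOGON_RE.search(target)
        if m:
            value = m.group(1).lower()
            parts = [p.strip() for p in details.split(",") if p.strip()]
            if value == "userinit":
                extra = [p for p in parts if not p.lower().endswith("userinit.exe")]
            else:
                extra = [p for p in parts if p.lower() != "explorer.exe"]
            if extra:
                findings.append(("winlogon_" + value, ", ".join(extra), ev.get("Image", "")))
    return findings


if __name__ == "__main__":
    for finding in check_persistence(SAMPLE_EVENTS):
        print(finding)
```

The Userinit rule is deliberately not tied to the DarkComet path: any extra entry in that value is worth a look, while the Run rule uses the config-derived name and path so it stays specific to this build.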