General
-
Target
b188d76edd8c90e1befa9da14db4823d7ae0764dc7c6f519e95d38933bc29fb2
-
Size
349KB
-
Sample
230130-e4k14aaf91
-
MD5
d38d12b79a5aa7e5510406e5d8e009b9
-
SHA1
4e75d734d12139b310fee3dfbfefc7c53f2145b6
-
SHA256
b188d76edd8c90e1befa9da14db4823d7ae0764dc7c6f519e95d38933bc29fb2
-
SHA512
28dceec5780cad9456ef214da564ae2aefbf3f1de8a992bb3134fadd0835298b2dd90ddd9318d8349b6da1b12d08566d0f483814f0745c84aa2a21cb8ad01481
-
SSDEEP
6144:JcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37uYuPlbL:JcW7KEZlPzCy37
Behavioral task
behavioral1
Sample
b188d76edd8c90e1befa9da14db4823d7ae0764dc7c6f519e95d38933bc29fb2.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
3l3ctr0n.no-ip.org:1605
DC_MUTEX-HTCGFMT
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
NKbpud9BzL7p
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-