General
-
Target
3ce93e4cd89e0839c9a0216a271faa35ead29c48da69180a2e7373bc406680af
-
Size
283KB
-
Sample
230130-e4ppaahb74
-
MD5
10fda18d615bb2a1a6b908899b750a80
-
SHA1
615db4bab0c2ed0f1739ad72f2615156573e66b7
-
SHA256
3ce93e4cd89e0839c9a0216a271faa35ead29c48da69180a2e7373bc406680af
-
SHA512
80a39d30ad7aa54825e5676991fc3482226d78702b7441795d4209b4a283c1c8a870b5200f38860be318efa0ae3054ab1b4c994c6e7e9636197ce965fa7e40b2
-
SSDEEP
6144:QcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL372ZV:QcW7KEZlPzCy37Q
Behavioral task
behavioral1
Sample
3ce93e4cd89e0839c9a0216a271faa35ead29c48da69180a2e7373bc406680af.exe
Resource
win7-20220812-en
Malware Config
Extracted
Family
darkcomet
-
Botnet
الضحية (Arabic, "the victim"; the report rendered the cp1256 bytes as cp1252 text, "ÇáÖÍíÉ")
-
C2
127.0.0.1:1604
-
Mutex
DC_MUTEX-7VRUSP1
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
7EGKaUP0cfGk
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
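Added example, not part of the report and not any sandbox's or DarkComet's own code: a Python script that turns the extracted config above into host indicators, reverses the campaign ID's encoding, and matches the indicators against Sysmon-style event records. Only the config values come from the page; the lab paths, the SID, the event records and the function names are assumptions made for illustration.

```python
# Added example (not from the report): derive host indicators from the DarkComet
# config extracted above and match them against Sysmon-style records.
# Config values are copied from the page; paths, SID and events are constructed.

EXTRACTED_CONFIG = {
    "campaign_id_raw": "ÇáÖÍíÉ",          # as the report rendered it (mojibake)
    "c2": "127.0.0.1:1604",
    "mutex": "DC_MUTEX-7VRUSP1",
    "install_path": "MSDCSC\\msdcsc.exe",  # relative to the install directory
    "reg_key": "MicroUpdate",             # Run value name
    "persistence": True,
}


def decode_campaign_id(mojibake: str) -> str:
    """The builder stored the campaign ID in the operator's ANSI code page (cp1256,
    Arabic); the report decoded those bytes as cp1252. Reverse that round trip."""
    return mojibake.encode("cp1252").decode("cp1256")


def c2_is_loopback(cfg: dict) -> bool:
    """A loopback C2 never produces a beacon outside the builder's own machine,
    so 127.0.0.1 must not be shipped as a network IOC."""
    host = cfg["c2"].rsplit(":", 1)[0]
    return host.startswith("127.") or host == "::1"


def host_indicators(cfg: dict) -> dict:
    """On-host artifacts an install built with this config leaves behind."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "mutex": cfg["mutex"],
        "run_value": cfg["reg_key"].lower(),
        "image_suffix": "\\" + cfg["install_path"].lower(),
        "c2_host": host,
        "c2_port": int(port),
    }


def match_events(events: list, ind: dict) -> list:
    """Return (indicator, evidence) pairs for Sysmon event IDs 1 (process create),
    3 (network connect) and 13 (registry value set). Mutexes are not logged by
    Sysmon, so that indicator needs a live-host handle check instead."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "").lower()
        if eid == 1 and image.endswith(ind["image_suffix"]):
            hits.append(("install_path", ev["Image"]))
        elif eid == 13:
            target = ev.get("TargetObject", "").lower()
            if target.endswith("\\run\\" + ind["run_value"]):
                hits.append(("run_key", ev["TargetObject"]))
        elif eid == 3 and (ev.get("DestinationIp"), ev.get("DestinationPort")) == (
            ind["c2_host"], ind["c2_port"]
        ):
            hits.append(("c2_connect", f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'))
    return hits


# Constructed event records for illustration; the user name, paths and SID are invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\lab\Documents\MSDCSC\msdcsc.exe",
     "ParentImage": r"C:\Users\lab\Desktop\sample.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "Details": r"C:\Users\lab\Documents\MSDCSC\msdcsc.exe"},
    {"EventID": 3, "Image": r"C:\Users\lab\Documents\MSDCSC\msdcsc.exe",
     "DestinationIp": "127.0.0.1", "DestinationPort": 1604},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def triage(cfg: dict = EXTRACTED_CONFIG, events: list = SAMPLE_EVENTS) -> dict:
    """Decode the campaign ID, flag a loopback C2 and report indicator hits."""
    ind = host_indicators(cfg)
    return {
        "campaign_id": decode_campaign_id(cfg["campaign_id_raw"]),
        "c2_is_loopback": c2_is_loopback(cfg),
        "hits": match_events(events, ind),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Run as-is it reports the decoded campaign ID, a loopback C2, and three hits (install path, Run value, connect attempt). Two caveats the report implies but does not spell out: 127.0.0.1:1604 is worthless as a network indicator (1604 is only DarkComet's default port), and the mutex can only be confirmed by enumerating handles on a live host, not from event logs.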
Targets
-
Target
3ce93e4cd89e0839c9a0216a271faa35ead29c48da69180a2e7373bc406680af
-
Size
283KB
-
MD5
10fda18d615bb2a1a6b908899b750a80
-
SHA1
615db4bab0c2ed0f1739ad72f2615156573e66b7
-
SHA256
3ce93e4cd89e0839c9a0216a271faa35ead29c48da69180a2e7373bc406680af
-
SHA512
80a39d30ad7aa54825e5676991fc3482226d78702b7441795d4209b4a283c1c8a870b5200f38860be318efa0ae3054ab1b4c994c6e7e9636197ce965fa7e40b2
-
SSDEEP
6144:QcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL372ZV:QcW7KEZlPzCy37Q
-
Modifies WinLogon for persistence
Winlogon values are executed at every logon, so an entry there survives removal of the Run key alone.
-
Modifies firewall policy service
Registry writes under the SharedAccess\Parameters\FirewallPolicy service key, as used to authorize an executable through Windows Firewall.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence. Runtime locale initialization triggers the same lookup, so on its own this is weak evidence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
Rewriting another thread's context is the final step of process hollowing (RunPE): a suspended process is started, its image replaced, and its entry point redirected to the injected code.
-