General
- Target: ydjtjdhdhjgf.exe
- Size: 251KB
- Sample: 230219-r21d8afc2s
- MD5: 599cf9f4f6ef6e2f4033cafa7dd073b2
- SHA1: 8d1480f20426e43e5dee454e7d69c9c2594cb89a
- SHA256: 691f80ce05f5d787599cd990ae5f256c4aa40b66e2b58415f24883f8047827ad
- SHA512: 0eae0f8ee3331b911f5965546962956b68687237feab2f8e25c5b609a7bad928bbd29a235c288174d0fab0b530b1d3c35bbda2b5f8d7f5fbb9d39744f7b639f2
- SSDEEP: 6144:VcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37y3S:VcW7KEZlPzCy37y3
Behavioral task
- behavioral1
- Sample: ydjtjdhdhjgf.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- darkcomet
- Guest16
- sussysdfffdfff343.duckdns.org:1604
- DC_MUTEX-GWZP22C
- InstallPath: MSDCSC\msdcsc.exe
- gencode: XdSkLijM5PKr
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicrosoftEdge
Targets
- Target: ydjtjdhdhjgf.exe
- Modifies WinLogon for persistence
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext