General
- Target: File.exe
- Size: 2.8MB
- Sample: 230226-kpv6eagb81
- MD5: 405ad6900ec6e4dd973bd065ae553e87
- SHA1: 3a966d77673e1a7a1417ff76b730996d9f8e9022
- SHA256: 22aa7f7c36245dc75950bdca6d85eda699084516083306f6be8dd5e596d99865
- SHA512: 020fd4b3adbae94edd64565dcb8cc70bdf5a036d18efe63470f2521e951be0088a9c713d95fdde9372bc2e3d5c04c0f2d5de19a68d012a02e208882737b4de46
- SSDEEP: 49152:dIS4fV+/A3knfH5YvDxcYlFMUXzRYSGZle13H:dIRV+/A3knf6DeYDXdYff63

Static task: static1

Malware Config
Extracted: darkcomet
- Guest16
- considered-stars.at.ply.gg:11659
- DC_MUTEX-4RAEX72
- InstallPath: MSDCSC\msdcsc.exe
- gencode: 741ngBRSJpQj
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicrosoftUpdate
Targets
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext