General
-
Target
b.exe
-
Size
760KB
-
Sample
230226-krelfagb9y
-
MD5
feed540d47f7de7021b16c3522d86de1
-
SHA1
979aaa59e113eface8bcc36cf70ff7798c0f6441
-
SHA256
8e9072523cb6d64ca2c3f87d24d7068aa5d9864fca1cb1d9cb8c20f0c635ddbf
-
SHA512
7276deaeca8ea5dc29b485f674ff6846228f0d37c37c4dcceccf147911edc6271c6de642f9b71f32a25c3af229b871e3b02bb21b7a902044a38a5002a4e860a0
-
SSDEEP
12288:j3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/Rzsvvl:bOA4aWNn/m09fKIaaBEtWq3A1Ov8Jgbs
Behavioral task
behavioral1
Sample
b.exe
Resource
win7-20230220-en
Malware Config
Extracted
darkcomet
Guest16
considered-stars.at.ply.gg:11659
DC_MUTEX-JHE9HZ8
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
nq0hP7zo1zjV
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicrosoftUpdate
Targets
-
-
Target
b.exe
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-