General
- Target: 016d141ae10e0601b7e3eac1ab8e452c.bin
- Size: 248KB
- Sample: 230325-bcpnescd7v
- MD5: e7f5459e5f1bec9a47b8aeb52773b384
- SHA1: 05027c3c6e091aa267706965f7e8ed9627dd129a
- SHA256: 6e51958b6d8afac048bb3490993d02da276f51c773b566a9e729d29dd755b055
- SHA512: a7e2cbd53ce4a05dbda6dcbf82335141f1704b41a1f712b211d706f3643fa04f9c78f1cec680a333306ef7267e39885aff6add996b6ee7a39120815ca57f7804
- SSDEEP: 6144:ABIBhU21jG6yJPugdEK6U5Adt+COuEsyefkKGBUvE:AOQ2NG6Xg96vJOurMnBUvE
Behavioral task: behavioral1
- Sample: 51e12e4db963bd5b2bb2f826767e3bc67d1e3e1f7222b1ede203dd3304efbe51.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: kostya.ddns.net:1604
- C2: kostya.ddns.net:27015
- Mutex: DC_MUTEX-871ND55
- InstallPath: MSDCSC\msdcsc.exe
- gencode: 98HmJFR7GLjd
- install: true
- offline_keylogger: false
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 51e12e4db963bd5b2bb2f826767e3bc67d1e3e1f7222b1ede203dd3304efbe51.bin
- Size: 253KB
- MD5: 016d141ae10e0601b7e3eac1ab8e452c
- SHA1: bc38c46d7f7706176178f138aa9f33c498f7263d
- SHA256: 51e12e4db963bd5b2bb2f826767e3bc67d1e3e1f7222b1ede203dd3304efbe51
- SHA512: 911a117cba62ee918a151da422e990388de68a0958d5695b74142c11f650fefd8718ca72d261b7f5762db5fb09d8b15c8cbf4703b59bb159e78d5c7a917d7fc0
- SSDEEP: 6144:AD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:Al8E4w5huat7UovONzbXw
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application