General
Target: 87ed3f85134bd69e592ac795ac03f8236f6c27ce2fe66b5d76711b2f70e3f36c
Size: 251KB
Sample: 230408-hwm29scc23
MD5: 774eea43d81ca517ca178775e01932a5
SHA1: 250dd4f6cb21fae98e60987fa4e3aedbb8b9e1da
SHA256: 87ed3f85134bd69e592ac795ac03f8236f6c27ce2fe66b5d76711b2f70e3f36c
SHA512: 00d51a872413ddeee7ae00b4e4c079d7345d0a09a4b3dd6a31de65121de164f87c3ae99d9a04832c72df18055120dcbd47d3b0ad3179a5ab3d0174a84773c884
SSDEEP: 6144:7cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:7cW7KEZlPzCy37
Behavioral task
behavioral1
Sample: 87ed3f85134bd69e592ac795ac03f8236f6c27ce2fe66b5d76711b2f70e3f36c.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: darkcomet
Botnet: xoux
C2: rb-scripts.ddns.net:1604
C2: 192.168.1.64:1604
Mutex: DC_MUTEX-TQ1YJBX
InstallPath: MSDCSC\msdcsc.exe
gencode: uMkCruJ6lH8w
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 87ed3f85134bd69e592ac795ac03f8236f6c27ce2fe66b5d76711b2f70e3f36c
Size: 251KB
MD5: 774eea43d81ca517ca178775e01932a5
SHA1: 250dd4f6cb21fae98e60987fa4e3aedbb8b9e1da
SHA256: 87ed3f85134bd69e592ac795ac03f8236f6c27ce2fe66b5d76711b2f70e3f36c
SHA512: 00d51a872413ddeee7ae00b4e4c079d7345d0a09a4b3dd6a31de65121de164f87c3ae99d9a04832c72df18055120dcbd47d3b0ad3179a5ab3d0174a84773c884
SSDEEP: 6144:7cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:7cW7KEZlPzCy37
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext