General
- Target: easy_Malicious_2da05edc14df9557fc474515f29ca7f4a5c2fcb2de085c443ab37cace93194cf.exe
- Size: 1.4MB
- Sample: 230704-r9rr2sfg3x
- MD5: 49f3321b14dd9dcb9108b1c6d139bc7b
- SHA1: 35876b7c9ff2a3c609792c9d49a9641dc181bfec
- SHA256: 933aba01ef4f1c57b7f6b82a59dcdada8f8689eb711e5a6c165f6b3d6ee3aa68
- SHA512: f922d959e0f6e746a4c360ccd406784d5fe5115f16b5cb14256e5557440d5636709d1a2bbc88127cf604c100207558028a08a0ff8ccb0cac42452d195c044abb
- SSDEEP: 24576:nZ1xuVVjfFoynPaVBUR8f+kN10EBbZ1xuVVjfFoynPaVBUR8f+kN10EBsgugEnoI:ZQDgok302QDgok30hgEnoSE5I
Behavioral task: behavioral1
- Sample: easy_Malicious_2da05edc14df9557fc474515f29ca7f4a5c2fcb2de085c443ab37cace93194cf.exe
- Resource: win7-20230703-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Sazan
- C2: ratcidavut.duckdns.org:1604
- Mutex: DC_MUTEX-EGAAD3Q
- InstallPath: MSDCSC\msdcsc.exe
- gencode: QmqknQ6ovQPD
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: easy_Malicious_2da05edc14df9557fc474515f29ca7f4a5c2fcb2de085c443ab37cace93194cf.exe
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory