General
-
Target
easy_Malicious_11437d674ae999699d76a94ad6291e86b49e471796329b2b0b0c95383de53b89.exe
-
Size
252KB
-
Sample
230704-sq7jtsgc21
-
MD5
f13a40d8d558bd757e05dd5d15f8a37c
-
SHA1
dd7794c67fbc193ff893bb1731bcffd913cc76b6
-
SHA256
769be62d4b8b47b83ae43e57c2d5c43bc76224d9a97c67f9c14bd0d93f16a697
-
SHA512
837e0e6305e18ab56d07e28e7194f7adca702fe028a0739f16ecdb2ef530f70d8e0ed14d93b0e22ce6d97b98bb177c652553b683cb40252274e5da3968901f6b
-
SSDEEP
6144:ucNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL370i:ucW7KEZlPzCy373
Behavioral task
behavioral1
Sample
easy_Malicious_11437d674ae999699d76a94ad6291e86b49e471796329b2b0b0c95383de53b89.exe
Resource
win7-20230621-en
Malware Config
Extracted
darkcomet
All
192.168.0.104.:1604
192.168.0.104.:81
DC_MUTEX-3XRDSKA
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
LQ4BCG6oBTFR
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
easy_Malicious_11437d674ae999699d76a94ad6291e86b49e471796329b2b0b0c95383de53b89.exe
-
Modifies WinLogon for persistence
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-