General
-
Target
432239af3b4ba67d938ffc6bfb22956e
-
Size
658KB
-
Sample
231225-3e5k7shdf2
-
MD5
432239af3b4ba67d938ffc6bfb22956e
-
SHA1
a46d496a95e639d8161dd2512809163f55ed9445
-
SHA256
35df31a35807ceb59bbcc4808292565d64b37c60fee9c98fc3406e40ce6889d5
-
SHA512
549967e66367f0a288850dabb5732382e5c01f0542d193d4006215d4f65f819c5492e1c88f143cfb628fe8c2252b458c5fc12da9f3aedff8ebf1fb37986ac0ac
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hm:+Z1xuVVjfFoynPaVBUR8f+kN10EBg
Behavioral task
behavioral1
Sample
432239af3b4ba67d938ffc6bfb22956e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
432239af3b4ba67d938ffc6bfb22956e.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
darkcomet
Guest16_min
xerxesrox.no-ip.biz:83
DCMIN_MUTEX-EHQMHJU
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
PcrJ6QRL7ZlH
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
432239af3b4ba67d938ffc6bfb22956e
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-