General
-
Target
1977c2bdcaec144f08371608e0e7ee3a
-
Size
1.4MB
-
Sample
231225-m63mxsbhf6
-
MD5
1977c2bdcaec144f08371608e0e7ee3a
-
SHA1
2e98c250c112b6479673c6fac4c130bf1e45287d
-
SHA256
21e6c4cc8f7785a4d0c8f312cbdf5219d24a0f1176a144d109f91cc427a062f7
-
SHA512
2be17328024380a1718adcb587485a778e1d463a9b911efeccba881030d9db8f175f4ec511abb562a2d5ea5dc7bce317452eede45e79646c69350fe0e026b1d7
-
SSDEEP
24576:hh0r/k3pEdZWmRO56tTl6UMs0VbEGZ88TUM+b1ImBsz06xz:k9AGMZZxz
Static task
static1
Behavioral task
behavioral1
Sample
1977c2bdcaec144f08371608e0e7ee3a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1977c2bdcaec144f08371608e0e7ee3a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
darkcomet
Guest16_min
testme123.no-ip.biz:82
DCMIN_MUTEX-EVANRM5
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
3ozW3J5fvJ1y
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Update
Targets
-
-
Target
1977c2bdcaec144f08371608e0e7ee3a
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-