General
Target: 6ebfa74efede9f7cccad2bb4626b3b29
Size: 1.8MB
Sample: 240122-e9dh7sgeak
MD5: 6ebfa74efede9f7cccad2bb4626b3b29
SHA1: cd5c7ffbfe5727c90a6608629b785030248aa343
SHA256: 470b9f38d9ed2d265b830dc1f179fb9586f034c2750f971b8711efaac4fc4db7
SHA512: 009d55659f7d20adef8e10ec4a9a93e87f06a6ecd2dbe2d7540500629a395d173022ae482d7d6aa18419237d8fb5b24af19f0bc3fb0d552756017f46406de923
SSDEEP: 49152:ckwkn9IMHeaMz09WvuQNi9TtEFORuGsdynaIaPCS:XdnVjfZt1Da3PC

Static task: static1
Behavioral task: behavioral1
Sample: 6ebfa74efede9f7cccad2bb4626b3b29.exe
Resource: win7-20231215-en

Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: 10.10.0.100:1604
Mutex: DC_MUTEX-Y36LJJY
InstallPath: MSDCSC\msdcsc.exe
gencode: ETGxRJakcHtE
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

Targets
Target: 6ebfa74efede9f7cccad2bb4626b3b29
Size: 1.8MB
MD5: 6ebfa74efede9f7cccad2bb4626b3b29
SHA1: cd5c7ffbfe5727c90a6608629b785030248aa343
SHA256: 470b9f38d9ed2d265b830dc1f179fb9586f034c2750f971b8711efaac4fc4db7
SHA512: 009d55659f7d20adef8e10ec4a9a93e87f06a6ecd2dbe2d7540500629a395d173022ae482d7d6aa18419237d8fb5b24af19f0bc3fb0d552756017f46406de923
SSDEEP: 49152:ckwkn9IMHeaMz09WvuQNi9TtEFORuGsdynaIaPCS:XdnVjfZt1Da3PC

- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application