General
Target: 95a0aae8a7984d30a627a9838acd5434
Size: 918KB
Sample: 240206-2glenshgg2
MD5: 95a0aae8a7984d30a627a9838acd5434
SHA1: 31c5e330f02018243b7252b2a8d7be986a3731e5
SHA256: 7da760265773acb56206463de01f699ab9316c53456f8d3bdb18db51bfd36a0e
SHA512: af6640b7bb357c1c96f8a33a61d36dae35ffc91d54c0c2e6e5fbf0d9b7c9cf3de2a960cde18047d44b7a895f6cadd3420bee08f52feb14906193899f15196bf7
SSDEEP: 12288:rkzu/UrGcXu2Dvy1ThzF6bWEhLWkWo41Z6tlpFe5vyDmSljuI9MK:Icosz6bWEhq8Ne5aDpFuuf
Static task
static1

Behavioral task
behavioral1
Sample: 95a0aae8a7984d30a627a9838acd5434.exe
Resource: win7-20231215-en

Behavioral task
behavioral2
Sample: 95a0aae8a7984d30a627a9838acd5434.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16_min
C2: 127.0.0.1:1604
Mutex: DCMIN_MUTEX-72R2FVV
InstallPath: DCSCMIN\IMDCSC.exe
gencode: ojiVYv2dmChl
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: 95a0aae8a7984d30a627a9838acd5434
Size: 918KB
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext