General
-
Target
a1f5a8ee77c66ba3b74b55f37be7b5e5
-
Size
660KB
-
Sample
240224-qnkk6sch23
-
MD5
a1f5a8ee77c66ba3b74b55f37be7b5e5
-
SHA1
33c06f5fc98557b20be2719eb6b167de5db97833
-
SHA256
7e6a4187c63b71f6e3ee87adeda48474a0d9787161e2d375d5c9e3a449c902f7
-
SHA512
fcd3db5feeeec9a1fe83b8c934d0a8dbf264cafdf7cbaf20084febccda09ae863d34c6819b00ef01e18b94bddec6f89217d25e60d0e1b9ec1c607cc3a234be81
-
SSDEEP
12288:gXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uv:mnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jf
Behavioral task
behavioral1
Sample
a1f5a8ee77c66ba3b74b55f37be7b5e5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1f5a8ee77c66ba3b74b55f37be7b5e5.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
darkcomet
Guest16_min
chememo1.no-ip.org:81
DCMIN_MUTEX-7W4BBR2
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
1xSDcZWTTQQQ
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
a1f5a8ee77c66ba3b74b55f37be7b5e5
-
Size
660KB
-
MD5
a1f5a8ee77c66ba3b74b55f37be7b5e5
-
SHA1
33c06f5fc98557b20be2719eb6b167de5db97833
-
SHA256
7e6a4187c63b71f6e3ee87adeda48474a0d9787161e2d375d5c9e3a449c902f7
-
SHA512
fcd3db5feeeec9a1fe83b8c934d0a8dbf264cafdf7cbaf20084febccda09ae863d34c6819b00ef01e18b94bddec6f89217d25e60d0e1b9ec1c607cc3a234be81
-
SSDEEP
12288:gXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uv:mnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jf
Score10/10-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-