General
-
Target
bd5b7d938e9239a63dd3cd7a983f9f55
-
Size
1.8MB
-
Sample
240310-caw56ahf5t
-
MD5
bd5b7d938e9239a63dd3cd7a983f9f55
-
SHA1
615f62ddd511d4c13b9f2765394ddf5977050398
-
SHA256
1529bd2480155dd41221b9729b08f0a14d718aea591ee7d1b0b9406f5687c606
-
SHA512
3fca63dd2adc40581e774e229ba70ac91e2566d9d53c742dde1b43fd65299e45b6758b0abfc692e9229d8f7ec62e1bd0c5f611504bbc34f61c42babb91a21f22
-
SSDEEP
49152:vkwkn9IMHeaHw0dWXPUYsUt0G0bIA4aIXaPCS:8dnVjMX1tt0EA40PC
Static task
static1
Behavioral task
behavioral1
Sample
bd5b7d938e9239a63dd3cd7a983f9f55.exe
Resource
win7-20240215-en
Malware Config
Extracted
darkcomet
Guest16
10.10.0.100:1604
DC_MUTEX-CK91ZJ9
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
Fk5GVHWLTpJu
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
bd5b7d938e9239a63dd3cd7a983f9f55
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-