General
- Target: be37ae1be7e42ba172b42dca3cfdfa04
- Size: 412KB
- Sample: 240310-k4as1shb36
- MD5: be37ae1be7e42ba172b42dca3cfdfa04
- SHA1: 7edfb2f6b681b966bcb3669a2bb3f6a164208c4f
- SHA256: efa0aba4eed3c37dbb6ca543bf5915719f4353bdb58499e2863dbef8a0acfd41
- SHA512: dfbc45f550d9117965d1e4869bd16c713a2f62d283ae6db533380f1600bdd12f22a2d9ab64ac2f00a0c8d4a6991ec3d8e8b74eace419a71d4996f474354cdbdb
- SSDEEP: 6144:YCKLOKgJU6XvB442eo4+Kn8o2mT8dMPcLO9Q+sBpeA:YwK5XOV2YkqABX
Static task
- static1

Behavioral task
- behavioral1
- Sample: be37ae1be7e42ba172b42dca3cfdfa04.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- darkcomet
- Guest16
- 127.0.0.1:81
- DC_MUTEX-F54S21D
- InstallPath: MSDCSC\msdcsc.exe
- gencode: 0S2UNwiZrvBq
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: be37ae1be7e42ba172b42dca3cfdfa04
- Size: 412KB
- MD5: be37ae1be7e42ba172b42dca3cfdfa04
- SHA1: 7edfb2f6b681b966bcb3669a2bb3f6a164208c4f
- SHA256: efa0aba4eed3c37dbb6ca543bf5915719f4353bdb58499e2863dbef8a0acfd41
- SHA512: dfbc45f550d9117965d1e4869bd16c713a2f62d283ae6db533380f1600bdd12f22a2d9ab64ac2f00a0c8d4a6991ec3d8e8b74eace419a71d4996f474354cdbdb
- SSDEEP: 6144:YCKLOKgJU6XvB442eo4+Kn8o2mT8dMPcLO9Q+sBpeA:YwK5XOV2YkqABX
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext