General

Target: c0e0ef92f69f8a30ca35b125b74b8294
Size: 484KB
Sample: 240311-sb7w2shg37
MD5: c0e0ef92f69f8a30ca35b125b74b8294
SHA1: 2ca329e5230bdb1e2f1e4ab5db928a3ccfce86ce
SHA256: 14d82a8323d815e4a8d888a6b95d04b2279b2d618c3cc1487643f7b477041232
SHA512: 414f5e430bdfced787703692879a89888fc2c42ab6d1741c3acbcd79f73ff941caae4eea151f5d3137d79d3c24ba92faf45b6f3572782391a0ec0c4630ee3831
SSDEEP: 6144:3snxekcgA04STi+/ZxkSs9O2vFBc93d1ZBjpfVRV1Qyt56d+strP8MJaLdcp6Nk4:cxekhA04LBJNKJpfLTDcPHaBcw3
Static task: static1

Behavioral task: behavioral1
Sample: c0e0ef92f69f8a30ca35b125b74b8294.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: c0e0ef92f69f8a30ca35b125b74b8294.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted
darkcomet
Guest16
alpachino.zapto.org:1606
127.0.0.1:1606
DC_MUTEX-Z42UGJP
InstallPath: MSDCSC\msdcsc.exe
gencode: jXzF8jNN2epT
install: true
offline_keylogger: true
password: k1c2d3i4
persistence: true
reg_key: MicroUpdate
Targets

Target: c0e0ef92f69f8a30ca35b125b74b8294
Size: 484KB
Score: 10/10

- Modifies WinLogon for persistence
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext