General
Target: vpn-sg.exe
Size: 756KB
Sample: 240403-pedktsch9x
MD5: 46312df6c5ddc1f1c31051b7a6ccd792
SHA1: 0cd971f850841246463b7ebd6fafa8090b443bd4
SHA256: d484e27c6aa0cfd3f3be41616901d5eaded7ab35632035a22f94538981f403a9
SHA512: b227329c43de53577af461c93aa7af27932457ad21eaa13e4ff53a0a5c6e2c4f99e12e5d0e8767d58e105e8cf619dfde28075995f32653b3e5cf54fd1fbfac6f
SSDEEP: 12288:F9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h+:PZ1xuVVjfFoynPaVBUR8f+kN10EBI
Behavioral task: behavioral1
Sample: vpn-sg.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: vpn-sg.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
darkcomet
Guest16
45.61.152.61:1604
DC_MUTEX-75H671P
InstallPath: MSDCSC\msdcsc.exe
gencode: rvR4QwZQ1qCt
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: vpn-sg.exe
Size: 756KB
MD5: 46312df6c5ddc1f1c31051b7a6ccd792
SHA1: 0cd971f850841246463b7ebd6fafa8090b443bd4
SHA256: d484e27c6aa0cfd3f3be41616901d5eaded7ab35632035a22f94538981f403a9
SHA512: b227329c43de53577af461c93aa7af27932457ad21eaa13e4ff53a0a5c6e2c4f99e12e5d0e8767d58e105e8cf619dfde28075995f32653b3e5cf54fd1fbfac6f
SSDEEP: 12288:F9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h+:PZ1xuVVjfFoynPaVBUR8f+kN10EBI
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application