General
-
Target
488b3504a1017ce9135816b3eefcdabfcd510f2e76ec32c946dd7f34c5d856ee.exe
-
Size
1.5MB
-
Sample
240412-bjscwsag64
-
MD5
e5ac403126ca121393b42a4598498cbd
-
SHA1
9f29ca8c7e7e31e98e89f0f55079f36606bcdd5e
-
SHA256
488b3504a1017ce9135816b3eefcdabfcd510f2e76ec32c946dd7f34c5d856ee
-
SHA512
fdcd1675b2754fb22e28988c814fa2cddaa8984cdf418b3b2332874a2c1f450c43edc7f8ccbe407b01d6b66b39bc8476616b306f7f070280cfa6b58778096783
-
SSDEEP
24576:xZ1xuVVjfFoynPaVBUR8f+kN10EB1x5cyLzoy4z5LPrMcs5dmYOYFQn1s97QJv8E:LQDgok30mzbL0zzJsKJS1QJv8wBT
Behavioral task
behavioral1
Sample
488b3504a1017ce9135816b3eefcdabfcd510f2e76ec32c946dd7f34c5d856ee.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
488b3504a1017ce9135816b3eefcdabfcd510f2e76ec32c946dd7f34c5d856ee.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
darkcomet
Guest16
192.168.124.132:1604
DC_MUTEX-LNCZHL2
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
pdA8zwNEGd25
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
488b3504a1017ce9135816b3eefcdabfcd510f2e76ec32c946dd7f34c5d856ee.exe
-
Score
10/10
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-