General
-
Target
68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
-
Size
838KB
-
Sample
240621-2el87axaml
-
MD5
66f3b3833902264db9ef07ca2f83ff52
-
SHA1
d3da2491ce5db90511b5896932a688e800dd620b
-
SHA256
68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
-
SHA512
2b56e45bc1411a7335ff3cf467a3acaae3c21ce92ebe8e87c8a5f93a6bc145d7cc12f1d98e088c104cef9741ae44640e50f293fad7b24173f9aab0a0ac5d1dfe
-
SSDEEP
24576:rZ1xuVVjfFoynPaVBUR8f+kN10EB/+xicXD0QZh9uA:NQDgok30SPckA
Behavioral task
behavioral1
Sample
68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
darkcomet
Guest16
192.168.124.129:1604
DC_MUTEX-GHUCMYM
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
s648XXfZuZ4D
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
-
Score
10/10
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-