General
Target: 17a6cf62409d259d281c82ae00259d66.bin
Size: 700KB
Sample: 240629-cjst4aydmc
MD5: 17a6cf62409d259d281c82ae00259d66
SHA1: 15c2bccc3f8bc41190eaa6b49da6c99eccf1602d
SHA256: 1ccaafea3b64fe2c5e7859d550ade584d93e7bdc28472317022693456c6f2c64
SHA512: 2d0e56b9117b7dd0f6f1910dad82b09f9e1d693d238422498c93c3d14e6de7ebdef4bd0decfc20582305b1ed41db98ff4bd447da72181dc97e6aa8601fd6110b
SSDEEP: 12288:/yPPQ1ufEoYFwm4jFySBXY3sHuss0dtyxvlrKnnmRjVLPrJHbFJ8:/yPPMpoY6HXY3Kusfexv4n6jVLxc
Static task: static1
Behavioral task: behavioral1
  Sample: 17a6cf62409d259d281c82ae00259d66.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 17a6cf62409d259d281c82ae00259d66.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID, as extracted; the value is a run of non-ASCII characters and may be an encoding artifact of the extractor rather than the operator's literal string): åååååååååå
C2: ogdd.servemp3.com:4433
Mutex: DC_MUTEX-LGYC4QH
Attributes
InstallPath: MSDCSC\msdcsc.exe
gencode: 7UYk2EHbmDiQ
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 17a6cf62409d259d281c82ae00259d66.bin
Size: 700KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above.)
Score: 10/10
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (the call used to redirect a suspended thread into injected code, as in process hollowing)
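Added example, not part of the sandbox report and not tooling from the sandbox vendor: Python detection logic that matches host telemetry against the indicators in the extracted config above (C2 host and port, mutex, InstallPath, reg_key value) and the registry and file behaviours named in the signature list (Run key, WinLogon modification, drop into the Drivers directory). The event shape and field names are assumptions in a Sysmon-like form (Sysmon has no mutex event; the mutex_create record stands in for a handle-tracing source), the sample events are constructed, and the generic DC_MUTEX- prefix match is a generalisation beyond this one sample, based on DarkComet's well-known default mutex naming.

```python
import re

# Indicators copied from the report's extracted config.
C2_HOST, C2_PORT = "ogdd.servemp3.com", 4433
MUTEX = "DC_MUTEX-LGYC4QH"
INSTALL_PATH = r"MSDCSC\msdcsc.exe"
RUN_VALUE = "MicroUpdate"

# Generalisations (assumptions beyond this one sample): DarkComet's default
# mutex prefix, and the key/path shapes the sandbox signatures key on.
MUTEX_FAMILY_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)
WINLOGON_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.I)


def check_event(ev):
    """Return the list of rule names a single telemetry event matches (empty if none)."""
    hits = []
    t = ev.get("type")
    if t == "network_connect":
        if ev.get("dest_host", "").lower() == C2_HOST and ev.get("dest_port") == C2_PORT:
            hits.append("darkcomet_c2_exact")
    elif t == "mutex_create":
        name = ev.get("name", "")
        if name == MUTEX:
            hits.append("darkcomet_mutex_exact")
        elif MUTEX_FAMILY_RE.match(name):
            hits.append("darkcomet_mutex_family")
    elif t == "registry_set":
        key = ev.get("key", "")
        m = RUN_KEY_RE.search(key)
        if m:
            if m.group(1) == RUN_VALUE:
                hits.append("darkcomet_run_key_exact")
            if INSTALL_PATH.lower() in ev.get("data", "").lower():
                hits.append("darkcomet_run_key_points_to_msdcsc")
        if WINLOGON_RE.search(key):
            # "Modifies WinLogon for persistence": any write to Userinit/Shell is
            # worth a look; a clean Userinit is just userinit.exe followed by a comma.
            hits.append("winlogon_value_modified")
    elif t == "file_create":
        path = ev.get("path", "")
        if path.lower().endswith(INSTALL_PATH.lower()):
            hits.append("darkcomet_install_path")
        if DRIVERS_DIR_RE.search(path):
            hits.append("file_dropped_in_drivers_dir")
    return hits


def scan(events):
    """Run every event through check_event; return [(event_index, rule_name), ...]."""
    return [(i, rule) for i, ev in enumerate(events) for rule in check_event(ev)]


# CONSTRUCTED sample telemetry (not taken from the report's sandbox run).
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\victim\Desktop\invoice.exe"},
    {"type": "file_create", "path": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
     "data": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe"},
    {"type": "mutex_create", "name": "DC_MUTEX-LGYC4QH"},
    {"type": "network_connect", "dest_host": "ogdd.servemp3.com", "dest_port": 4433},
    {"type": "network_connect", "dest_host": "update.microsoft.com", "dest_port": 443},
    {"type": "mutex_create", "name": "DC_MUTEX-F54S21D"},  # other DarkComet build, family match only
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The exact-match rules are tied to this build's config and will not survive a rebuilt sample; the family-level rules (DC_MUTEX- prefix, a Run value or Userinit entry pointing at a dropped msdcsc.exe, writes into the Drivers directory) are what to keep in a standing detection.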