General
Target: 6cdd8396703edddaf4a0273aaa07ba21b015f94bebc1f9cba18e891dee562637
Size: 385KB
Sample: 201111-46dct23hbj
MD5: 18bd9d5b34767fee5ff6b1b209c43b88
SHA1: 378a9b8ab39c916e908ee5d5e01b685566377aae
SHA256: 6cdd8396703edddaf4a0273aaa07ba21b015f94bebc1f9cba18e891dee562637
SHA512: 1698105a6b6eb4a65c69f15cd2493eb9108546abdc9f3f65f40004ac03463afa0c05d081b2fc0e927ae5a6b251b18eef94af50b5b1df6f709c741e389a5c4461
Static task: static1
Behavioral task: behavioral1
  Sample: 6cdd8396703edddaf4a0273aaa07ba21b015f94bebc1f9cba18e891dee562637.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 6cdd8396703edddaf4a0273aaa07ba21b015f94bebc1f9cba18e891dee562637.exe
  Resource: win10v20201028
Malware Config
Extracted: darkcomet
06-11-2020
LAMIA-41739.portmap.io:41739
karmina113.sytes.net:7777
karmina200.sytes.net:7777
DC_MUTEX-R9E2RDG
InstallPath: svchost\svchost.exe
gencode: dneJWn9fFTdt
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 6cdd8396703edddaf4a0273aaa07ba21b015f94bebc1f9cba18e891dee562637
Size: 385KB
MD5: 18bd9d5b34767fee5ff6b1b209c43b88
SHA1: 378a9b8ab39c916e908ee5d5e01b685566377aae
SHA256: 6cdd8396703edddaf4a0273aaa07ba21b015f94bebc1f9cba18e891dee562637
SHA512: 1698105a6b6eb4a65c69f15cd2493eb9108546abdc9f3f65f40004ac03463afa0c05d081b2fc0e927ae5a6b251b18eef94af50b5b1df6f709c741e389a5c4461
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext