General
Target: b1418392b544a51ff07f543c3f76030f
Size: 1.1MB
Sample: 201117-l31vc6r9y6
MD5: b1418392b544a51ff07f543c3f76030f
SHA1: 6fbad484bbfd66afc868c6d1d700aa3eed644e70
SHA256: dd146247f7cb47a6256829a01089d8e95d67d31d52431eeb0261333615927152
SHA512: a14feac08bc7b4da4ccb9ddff8069bee7c2ac125c9128ae773cbf546d0bc03c76ae7b2c292916062fcc691969ef062c008ce578ac69c663c5de0340173364d87
Static task: static1
Behavioral task: behavioral1
Sample: b1418392b544a51ff07f543c3f76030f.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: b1418392b544a51ff07f543c3f76030f.exe
Resource: win10v20201028
Malware Config
Extracted: darkcomet
Winrar 5.0 final 10-10-2013
rainbowie.no-ip.biz:2302
DC_MUTEX-GL3ZW69
InstallPath: windirsx.exe
gencode: 4EYDgQDgUmXr
install: true
offline_keylogger: true
password: hypethetimet
persistence: true
reg_key: Windows Login System
Targets
Target: b1418392b544a51ff07f543c3f76030f
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext