General
-
Target
SBHJYT.exe
-
Size
13.9MB
-
Sample
210814-74xqhqeafx
-
MD5
20799f295c5b0e5aa27b5896b230b57a
-
SHA1
e0e72f3a636f4dcd87bb5606f24fe0ff298fbb74
-
SHA256
3d96847f7962c01a7951f95acb29dff7999b7e8d54c946b3b1ccd035cbf2bcb1
-
SHA512
70cd3984c49da18dc9aeb852f745a8324a93583ab892af7f08bf5372cdb4ffc0cb0cce4033988d9088aaf1b0c740f612690addf9598ad3349ef6ef79112b3d16
Static task
static1
Behavioral task
behavioral1
Sample
SBHJYT.exe
Resource
win7v20210408
Malware Config
Extracted
darkcomet
Guest16
onlinebonjour1pt.ddns.net:1605
DC_MUTEX-K9JEE5J
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
PPlJGVizdNKt
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Microdaptxx
Targets
-
-
Target
SBHJYT.exe
-
Size
13.9MB
-
MD5
20799f295c5b0e5aa27b5896b230b57a
-
SHA1
e0e72f3a636f4dcd87bb5606f24fe0ff298fbb74
-
SHA256
3d96847f7962c01a7951f95acb29dff7999b7e8d54c946b3b1ccd035cbf2bcb1
-
SHA512
70cd3984c49da18dc9aeb852f745a8324a93583ab892af7f08bf5372cdb4ffc0cb0cce4033988d9088aaf1b0c740f612690addf9598ad3349ef6ef79112b3d16
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-