General
Target: cfa850db87d98eed49dec543a7977ef9221dc62bd48c7aaaaafe1327c864aa72
Size: 1.3MB
Sample: 210908-hfcatshbdq
MD5: 50889863763dec84072482d72d257a5a
SHA1: ee585ed89df214b743ceb8fe2cf85999e6013806
SHA256: cfa850db87d98eed49dec543a7977ef9221dc62bd48c7aaaaafe1327c864aa72
SHA512: 4fb2c1a727d4b703e0e88eef85b4d57f181f9a0658219e493f3a3435c98defb0dc845c3d07b5be1d0bac5357f3e2a5b03e38b696fa846e8e17b4fc50f5c5d5eb
Static task: static1
Behavioral task: behavioral1
Sample: cfa850db87d98eed49dec543a7977ef9221dc62bd48c7aaaaafe1327c864aa72.exe
Resource: win7v20210408
Malware Config
Extracted: darkcomet
m2
127.0.0.1:1604
laylaylom15975300.freeddns.org:1604
DC_MUTEX-J1SBQ5X
InstallPath: MSDCSC\iexplorer.exe
gencode: bTMSQkMKM11U
install: true
offline_keylogger: true
persistence: true
reg_key: Windows Defender
Targets
- Modifies WinLogon for persistence
- Modifies security service
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext