General
- Target: 844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41
- Size: 846KB
- Sample: 210914-hw9w2afbg2
- MD5: 54980a2c2e132311d59f1a40dda738d6
- SHA1: df9d197eb624843946f49c43bb9d2f91177db165
- SHA256: 844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41
- SHA512: e1b6a08c06e07fb59e3964d07d15873b71fa8178b8826bb2a2f428715325c03af47454a516b1d411be64cee3c2a902987cfc9c9f517018d27f0ed6b97fed7d60
Behavioral task: behavioral1
- Sample: 844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: 844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41.exe
- Resource: win10-en
Malware Config
Extracted
- darkcomet
- Sazan
- remcoskullan�m.duckdns.org:80
- DC_MUTEX-3S6A2GM
- InstallPath: MSDCSC\minecraft son s�r�m reach.exe
- gencode: Qt7RzAMuvyL0
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41
- Size: 846KB
- MD5: 54980a2c2e132311d59f1a40dda738d6
- SHA1: df9d197eb624843946f49c43bb9d2f91177db165
- SHA256: 844fdc307207e49c308561468f99e2255b4c2759370e1c3b13919db926630d41
- SHA512: e1b6a08c06e07fb59e3964d07d15873b71fa8178b8826bb2a2f428715325c03af47454a516b1d411be64cee3c2a902987cfc9c9f517018d27f0ed6b97fed7d60
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application