General
Target: d020b049313ec9b24c829f81a315cac63f00000a22ff60e5f433ef0a1ad589b9
Size: 3.5MB
Sample: 220502-se18nsaadj
MD5: 8143e4662e68907b624633013fff7ca3
SHA1: 9a0fc7a71a26289e37298ff5a297bdb11b976e0f
SHA256: d020b049313ec9b24c829f81a315cac63f00000a22ff60e5f433ef0a1ad589b9
SHA512: cb0d55a9cfe65953471d3368122b3f590bb553bff7d92b3ce2802b75227de1d419dfab83ab6f7bdcf9fba0995ad3cd43fbea7c4bd2c4fcf44fadacf3cc4657cd
Static task: static1
Behavioral task: behavioral1
Sample: d020b049313ec9b24c829f81a315cac63f00000a22ff60e5f433ef0a1ad589b9.exe
Resource: win7-20220414-en
Malware Config
Extracted family: darkcomet
Botnet: 2020NOV1
C2: sandyclark255.hopto.org:35887
Mutex: DC_MUTEX-6XT818D
InstallPath: excelsl.exe
gencode: n7asq0Dbu7D2
install: true
offline_keylogger: true
password: hhhhhh
persistence: true
reg_key: office
Targets
Target: d020b049313ec9b24c829f81a315cac63f00000a22ff60e5f433ef0a1ad589b9
Size: 3.5MB
MD5: 8143e4662e68907b624633013fff7ca3
SHA1: 9a0fc7a71a26289e37298ff5a297bdb11b976e0f
SHA256: d020b049313ec9b24c829f81a315cac63f00000a22ff60e5f433ef0a1ad589b9
SHA512: cb0d55a9cfe65953471d3368122b3f590bb553bff7d92b3ce2802b75227de1d419dfab83ab6f7bdcf9fba0995ad3cd43fbea7c4bd2c4fcf44fadacf3cc4657cd
Signatures
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
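The extracted configuration above (C2, mutex, install file name, Run value name) and the behavioural signatures (WinLogon and Run key persistence, firewall modification, execution of the dropped EXE) are the two things an analyst turns into host and network hunting logic. The script below is an added example for this page, not part of the sandbox report or of any tool the report comes from. It takes the configuration values printed above, derives indicators from them, and runs them over a handful of constructed Sysmon-style events. The event schema and every sample event are made up for the demo; the registry locations are the standard Run/RunOnce and Winlogon Userinit/Shell values, not paths the report states this sample wrote; and matching on netsh firewall commands is an assumption about how "Modifies Windows Firewall" is typically achieved, since the report gives no detail.

```python
import re
from collections import Counter

# Values copied from the extracted DarkComet configuration on this page.
DARKCOMET_CONFIG = {
    "c2": "sandyclark255.hopto.org:35887",
    "mutex": "DC_MUTEX-6XT818D",
    "install_path": "excelsl.exe",
    "reg_key": "office",  # value name used for the Run key entry
}

# Standard persistence locations behind the report's "Adds Run key" and
# "Modifies WinLogon" signatures. Assumption: the report does not print the
# exact registry paths this sample wrote, so these are the usual ones.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\(?P<name>[^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(?P<name>Userinit|Shell)$", re.I)
# Assumption: firewall tampering via netsh; the page only says "Modifies Windows Firewall".
NETSH_FW_RE = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall\s+firewall|firewall)\b", re.I)


def indicators_from_config(cfg):
    """Derive normalised hunting indicators from the extracted config."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "install_file": cfg["install_path"].lower(),
        "run_value": cfg["reg_key"].lower(),
    }


def triage_event(ev, ind):
    """Return a list of (severity, reason) findings for one event dict."""
    hits = []
    kind = ev["type"]
    if kind == "dns":
        if ev["query"].lower() == ind["c2_host"]:
            hits.append(("high", f"DNS lookup of configured C2 {ind['c2_host']}"))
    elif kind == "network":
        # Port alone is weak evidence; the C2 hostname is the real indicator.
        if ev["dst_port"] == ind["c2_port"]:
            hits.append(("low", f"outbound connection on configured C2 port {ind['c2_port']}"))
    elif kind == "mutex":
        if ev["name"] == ind["mutex"]:
            hits.append(("high", f"mutex {ind['mutex']} created"))
    elif kind == "registry":
        path, data = ev["path"], ev["data"].lower()
        m = RUN_KEY_RE.search(path)
        if m:
            if m.group("name").lower() == ind["run_value"] or ind["install_file"] in data:
                hits.append(("high", f"Run key '{m.group('name')}' points at {ev['data']}"))
            else:
                hits.append(("info", f"Run key '{m.group('name')}' written"))
        w = WINLOGON_RE.search(path)
        if w:
            sev = "high" if ind["install_file"] in data else "medium"
            hits.append((sev, f"Winlogon {w.group('name')} changed to {ev['data']}"))
    elif kind == "process":
        if NETSH_FW_RE.search(ev["cmdline"]):
            hits.append(("medium", "netsh firewall rule change: " + ev["cmdline"]))
        if ev["image"].lower().endswith("\\" + ind["install_file"]):
            hits.append(("high", f"execution of dropped file {ev['image']}"))
    return hits


def triage(events, ind):
    """Run every event through triage_event and collect the findings."""
    return [{"event": ev["id"], "severity": sev, "reason": reason}
            for ev in events for sev, reason in triage_event(ev, ind)]


def summarize(findings):
    """Count findings per severity for a quick verdict."""
    return dict(Counter(f["severity"] for f in findings))


# Constructed telemetry for the demo (Sysmon-like fields, not real logs of this sample).
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "image": r"C:\Users\alice\AppData\Roaming\excelsl.exe",
     "cmdline": r"C:\Users\alice\AppData\Roaming\excelsl.exe"},
    {"id": 2, "type": "mutex", "name": "DC_MUTEX-6XT818D"},
    {"id": 3, "type": "registry", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\office",
     "data": r"C:\Users\alice\AppData\Roaming\excelsl.exe"},
    {"id": 4, "type": "registry", "path": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\alice\AppData\Roaming\excelsl.exe"},
    {"id": 5, "type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh firewall add allowedprogram "C:\Users\alice\AppData\Roaming\excelsl.exe" "excelsl" ENABLE'},
    {"id": 6, "type": "dns", "query": "sandyclark255.hopto.org"},
    {"id": 7, "type": "network", "dst_ip": "203.0.113.10", "dst_port": 35887},
    # Benign noise: a Run key write for an unrelated program should only be informational.
    {"id": 8, "type": "registry", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

if __name__ == "__main__":
    ind = indicators_from_config(DARKCOMET_CONFIG)
    findings = triage(SAMPLE_EVENTS, ind)
    for f in findings:
        print(f"event {f['event']:>2}  {f['severity']:<6} {f['reason']}")
    print(summarize(findings))
```

Two practical points follow from the config itself: hopto.org is a No-IP dynamic DNS domain, so the resolved IP can change at any time and the hostname, not the address, is the indicator worth pivoting on; and port 35887 by itself is only weak corroboration, which is why the script grades a bare port match as low. The Run key check fires at high severity only when the value name matches reg_key or the data points at the InstallPath file, so routine Run entries stay informational.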