General

Target: ab6ba5bec568e340061bb8dde6c3342bf5fcb21b3d96badccabb252b77a9195a
Size: 3.8MB
Sample: 220502-w9ejyadbh9
MD5: 57f9d1882f4bf9a35c66a3c7e541a174
SHA1: 6c26537c0b251371c9e888f157f24017a00057eb
SHA256: ab6ba5bec568e340061bb8dde6c3342bf5fcb21b3d96badccabb252b77a9195a
SHA512: e76e92e95629581bc2ee0bafb4057446402c5ba72b2e2013a85c2109166412d07a2657815aeff13ee4e6f932016b6e32a7bdd5444bf560814b1c49a08877661f
Static task: static1

Behavioral task: behavioral1
  Sample: ab6ba5bec568e340061bb8dde6c3342bf5fcb21b3d96badccabb252b77a9195a.exe
  Resource: win7-20220414-en
Malware Config

Extracted: darkcomet
  Campaign ID: 2020NOV11
  C2: sandyclark255.hopto.org:1605
  Mutex: DC_MUTEX-C010SK7
  gencode: cFXCTt13CuYM
  install: false
  offline_keylogger: true
  password: hhhhhh
  persistence: false

Extracted: darkcomet
  Campaign ID: 2020NOV1
  C2: sandyclark255.hopto.org:35887
  Mutex: DC_MUTEX-6XT818D
  InstallPath: excelsl.exe
  gencode: n7asq0Dbu7D2
  install: true
  offline_keylogger: true
  password: hhhhhh
  persistence: true
  reg_key: office
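The two configs above are what a DarkComet config extractor pulls out of the binary. As an added example (not the sandbox's own extractor), the block below decodes a DarkComet-style embedded configuration into the same field names and derives the indicators a responder would pivot on (mutex, C2 host/port pairs, Run value name, dropped file name). Assumptions, stated here and in the code: DarkComet 5.x keeps its settings in a PE resource named DCDATA as a hex string that, after unhexlify and RC4 with a build-specific key (`#KCMDDC51#-890` for 5.1, with the 5.0 and 4.2 keys also listed, as published in public decoders), yields `KEY={value}` lines; the DCDATA key names and their mapping to the report's field names follow those decoders; the sample resource is constructed in the block from the values of the second config above. The decoder generalises slightly beyond this report: it tries each known key and accepts the one whose plaintext parses, and it handles a NETDATA value that lists several `host:port` pairs separated by `|`.

```python
"""Decode a DarkComet-style embedded configuration into the fields shown
in the sandbox report and derive host/network IOCs from them.

Added example, not the sandbox's extractor.  Assumptions: DCDATA is a hex
string; unhexlify + RC4 with a per-version key gives KEY={value} lines;
key names and their mapping to report fields follow public decoders.
"""
from binascii import hexlify, unhexlify

DARKCOMET_KEYS = {            # assumed per-version RC4 keys (public decoders)
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2": b"#KCMDDC42F#-890",
}

FIELD_MAP = {                 # DCDATA key -> report field name (assumed mapping)
    "SID": "campaign", "NETDATA": "c2", "MUTEX": "mutex", "GENCODE": "gencode",
    "INSTALL": "install", "OFFLINEK": "offline_keylogger", "PWD": "password",
    "PERSINST": "persistence", "EDTPATH": "InstallPath", "KEYNAME": "reg_key",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}


def rc4(key, data):
    """Textbook RC4 (KSA then PRGA). Symmetric: one routine encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(plaintext):
    """Map 'KEY={value}' lines to report field names; skip marker and garbage lines."""
    cfg = {}
    for raw in plaintext.decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("#") or "={" not in line or not line.endswith("}"):
            continue
        key, value = line.split("=", 1)
        value = value[1:-1]                      # strip the surrounding braces
        name = FIELD_MAP.get(key, key)
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    return cfg


def decode_dcdata(hex_resource):
    """Try each known key; the right one is the one whose plaintext yields a C2 and
    a mutex. A wrong key produces byte noise that never parses to those fields."""
    blob = unhexlify(hex_resource)
    for version, key in DARKCOMET_KEYS.items():
        cfg = parse_config(rc4(key, blob))
        if "c2" in cfg and "mutex" in cfg:
            return version, cfg
    raise ValueError("no known DarkComet key decrypts this resource")


def iocs(cfg):
    """Indicators to pivot on: mutex, C2 endpoints, Run value name, dropped file."""
    out = {"mutex": cfg["mutex"], "c2": []}
    for entry in cfg["c2"].split("|"):          # NETDATA may list several host:port pairs
        host, _, port = entry.rpartition(":")
        out["c2"].append((host, int(port)))
    if cfg.get("persistence"):
        out["run_value"] = cfg.get("reg_key")   # ...\CurrentVersion\Run\<reg_key>
    if cfg.get("install"):
        out["dropped_file"] = cfg.get("InstallPath")
    return out


def build_resource(config_text, version="5.1"):
    """Inverse of decode_dcdata; used only to construct sample input here."""
    return hexlify(rc4(DARKCOMET_KEYS[version], config_text.encode("latin-1")))


# Constructed sample in the assumed DCDATA layout; values taken from the
# report's second config (install/persistence enabled, reg_key 'office').
SAMPLE_CONFIG_TEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-6XT818D}\r\nSID={2020NOV1}\r\n"
    "NETDATA={sandyclark255.hopto.org:35887}\r\nGENCODE={n7asq0Dbu7D2}\r\n"
    "INSTALL={1}\r\nEDTPATH={excelsl.exe}\r\nKEYNAME={office}\r\n"
    "PERSINST={1}\r\nOFFLINEK={1}\r\nPWD={hhhhhh}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_RESOURCE = build_resource(SAMPLE_CONFIG_TEXT)

if __name__ == "__main__":
    version, cfg = decode_dcdata(SAMPLE_RESOURCE)
    print(version, cfg)
    print(iocs(cfg))
```

Against a real sample the hex string would come from the DCDATA resource (for example via `pefile`) rather than from `build_resource`; everything after that point is the same. Note that the first config above (install and persistence both false) yields only the mutex and C2 as indicators, which is why the second config, with its Run value `office` and dropped `excelsl.exe`, is the one that matters for host-based hunting.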
Targets

Target: ab6ba5bec568e340061bb8dde6c3342bf5fcb21b3d96badccabb252b77a9195a
Size: 3.8MB
MD5: 57f9d1882f4bf9a35c66a3c7e541a174
SHA1: 6c26537c0b251371c9e888f157f24017a00057eb
SHA256: ab6ba5bec568e340061bb8dde6c3342bf5fcb21b3d96badccabb252b77a9195a
SHA512: e76e92e95629581bc2ee0bafb4057446402c5ba72b2e2013a85c2109166412d07a2657815aeff13ee4e6f932016b6e32a7bdd5444bf560814b1c49a08877661f

Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
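Four of the signatures above (Winlogon modification, disabling RegEdit, disabling Task Manager, adding a Run key) are registry writes that endpoint telemetry records directly. As an added example (not part of the sandbox report), the block below runs those four checks over registry-write events and then correlates them per process, on the reasoning that a lone Run key is ordinary installer behaviour while a process that also edits Winlogon or disables admin tools matches the profile this sample shows. Assumptions: the events are constructed in the shape of Sysmon Event ID 13 (RegistryEvent, value set) records exported as JSON lines, using Sysmon's `EventID`, `Image`, `TargetObject` and `Details` field names and its `DWORD (0x00000001)` rendering of DWORD values; the process image paths, including the location of `excelsl.exe`, are invented for the sample.

```python
"""Flag the registry-based persistence and anti-analysis behaviour from the
sandbox signature list in registry-write telemetry, then correlate per process.

Added example, not part of the report. Events are constructed Sysmon
Event ID 13 records as JSON lines; image paths are invented.
"""
import json
import re
from collections import defaultdict

# (signature name as in the report, pattern on TargetObject, predicate on Details)
# Registry paths are case-insensitive, so the patterns are too.
RULES = [
    ("Modifies WinLogon for persistence",
     re.compile(r"\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I),
     None),
    ("Disables RegEdit via registry modification",
     re.compile(r"\\Policies\\System\\DisableRegistryTools$", re.I),
     lambda details: "(0x00000001)" in details),   # only a set-to-1 counts
    ("Disables Task Manager via registry modification",
     re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I),
     lambda details: "(0x00000001)" in details),
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I),
     None),
]

# Constructed Sysmon-style events (JSON lines). Includes benign noise: a
# Winlogon value that is not Userinit/Shell, a vendor updater's own Run
# key, and a policy refresh that sets DisableTaskMgr back to 0.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LastLoggedOnUser", "Details": "DOMAIN\\user"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\excelsl.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit", "Details": "C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\AppData\\Roaming\\excelsl.exe"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\excelsl.exe", "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\excelsl.exe", "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\excelsl.exe", "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\office", "Details": "C:\\Users\\user\\AppData\\Roaming\\excelsl.exe"}
{"EventID": 13, "Image": "C:\\Program Files\\Vendor\\Updater.exe", "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater", "Details": "C:\\Program Files\\Vendor\\Updater.exe /background"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\gpupdate.exe", "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr", "Details": "DWORD (0x00000000)"}
{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Roaming\\excelsl.exe", "TargetObject": "", "Details": ""}
"""


def match_event(event):
    """Return the signature names a single registry-set event triggers."""
    if event.get("EventID") != 13:
        return []
    hits = []
    for name, pattern, predicate in RULES:
        if pattern.search(event.get("TargetObject", "")):
            if predicate is None or predicate(event.get("Details", "")):
                hits.append(name)
    return hits


def scan(jsonl):
    """Group triggered signatures by process image: {image: sorted signature names}."""
    per_image = defaultdict(set)
    for line in jsonl.strip().splitlines():
        event = json.loads(line)
        for name in match_event(event):
            per_image[event["Image"]].add(name)
    return {image: sorted(names) for image, names in per_image.items()}


def suspects(jsonl, threshold=2):
    """Images that hit at least `threshold` distinct signatures; a single Run
    key alone stays below the bar, the combination seen in the report does not."""
    return {image: names for image, names in scan(jsonl).items()
            if len(names) >= threshold}


if __name__ == "__main__":
    for image, names in suspects(SAMPLE_EVENTS).items():
        print(image)
        for name in names:
            print("  -", name)
```

The DWORD predicate matters: a Group Policy refresh that writes `DisableTaskMgr` back to 0 touches the same value name and would otherwise fire the rule. The remaining signatures in the list (dropped files in the Drivers directory, dropped DLLs, `desktop.ini` files, `SetThreadContext`) come from file and API telemetry rather than registry events and are not covered by this block.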