General
-
Target
8614b2ded956894eb65f1fb498624d8cfe9f5ee05599981ef6f16dc7c7ee89bf
-
Size
251KB
-
Sample
220520-2kkmjsaefq
-
MD5
dfa5a24fcaf54c7a0281e86994eba56b
-
SHA1
bb3a4e20e147f646c560b95c645f0ac813ab8ef7
-
SHA256
8614b2ded956894eb65f1fb498624d8cfe9f5ee05599981ef6f16dc7c7ee89bf
-
SHA512
efc1e5843f4145563599cf94a983013d986b7bf1f5acb188ab8e9a67e18129c447ad510fe03294ad10924690c79196bbc912acc158e898337880336d36fa1ea6
Malware Config
Extracted
darkcomet
×åëîâåê
192.168.0.104:1604
fortdark.ddns.net:1604
DC_MUTEX-9AJGZC0
-
InstallPath
MSDCSC\Java
-
gencode
QzruVUr8hxHE
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
svhost
Targets
-
-
Target
8614b2ded956894eb65f1fb498624d8cfe9f5ee05599981ef6f16dc7c7ee89bf
-
Size
251KB
-
MD5
dfa5a24fcaf54c7a0281e86994eba56b
-
SHA1
bb3a4e20e147f646c560b95c645f0ac813ab8ef7
-
SHA256
8614b2ded956894eb65f1fb498624d8cfe9f5ee05599981ef6f16dc7c7ee89bf
-
SHA512
efc1e5843f4145563599cf94a983013d986b7bf1f5acb188ab8e9a67e18129c447ad510fe03294ad10924690c79196bbc912acc158e898337880336d36fa1ea6
Score10/10-
Modifies WinLogon for persistence
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-