General

- Target: fa64cfb37edd229bee2a1cf4008bbe2748173784b3e154936aa5268e76c7c8ce
- Size: 823KB
- Sample: 220520-2twfeagad2
- MD5: d6362c8c1b0ed8b8f70c252da342cf57
- SHA1: 00e518e0b1505abac2e3a3fd87cbf88b08ae4bac
- SHA256: fa64cfb37edd229bee2a1cf4008bbe2748173784b3e154936aa5268e76c7c8ce
- SHA512: 69350ae820706c21ad369e16e43e649e602986e39981c786d9b67551e696ed7160cb111d7c077283cfdff18281dbe545605daa313623081970cdd4dc54edd30f
Behavioral task

- Task: behavioral1
- Sample: fa64cfb37edd229bee2a1cf4008bbe2748173784b3e154936aa5268e76c7c8ce.exe
- Resource: win7-20220414-en
Malware Config

Extracted

- Family: darkcomet
- Botnet/campaign ID: umut
- C2: testediliyor.duckdns.org:1604
- Mutex: DC_MUTEX-S6FT1X7
- InstallPath: MSDCSC\yasef.exe
- gencode: okXMhdJ5gNUH
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate

Note that "persistence: false" is a builder option in the extracted config, not an observation from the run: the signatures below record a Run key (value name MicroUpdate, matching reg_key) and a Winlogon modification, so the sample does persist. The C2 is a dynamic-DNS host, so the resolved IP is not a stable indicator; the hostname, port 1604 (DarkComet's default), the mutex and the install path are.
Targets

- Target: fa64cfb37edd229bee2a1cf4008bbe2748173784b3e154936aa5268e76c7c8ce (size and hashes as listed under General)
- Modifies WinLogon for persistence (Winlogon Userinit/Shell values, so the dropped EXE starts at logon independently of the Run key)
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application (value name MicroUpdate per the extracted config)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (typical of process hollowing: the entry point of a suspended thread is rewritten before it is resumed)
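As an added example (not part of the Triage report or of any tooling it references), the following Python script turns the extracted config above into host and network indicators and runs them over a handful of constructed Sysmon-style events that mirror the signatures listed (C2 DNS lookup and connection, Run key, Winlogon Userinit tampering, mutex creation, execution of the dropped EXE). The event field names, the user profile path in the sample events and the assumption that DarkComet mutex tags are seven upper-case alphanumerics are mine, not from the report.

```python
import re

# Values copied from the extracted DarkComet config on this page.
CONFIG = {
    "campaign_id": "umut",
    "c2": "testediliyor.duckdns.org:1604",
    "mutex": "DC_MUTEX-S6FT1X7",
    "install_path": r"MSDCSC\yasef.exe",
    "gencode": "okXMhdJ5gNUH",
    "install": True,
    "offline_keylogger": True,
    "persistence": False,
    "reg_key": "MicroUpdate",
}

# Assumption: DarkComet stamps its mutex as "DC_MUTEX-" plus a 7-character
# upper-case alphanumeric tag, so this also catches other builds of the family.
MUTEX_FAMILY_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")


def iocs_from_config(cfg):
    """Derive concrete indicators from the extracted config."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        # InstallPath is relative; match it as a path suffix wherever it lands.
        "install_path_suffix": "\\" + cfg["install_path"].lower(),
        "run_value": cfg["reg_key"],
    }


# Constructed sample events (not from the report); field names are assumptions.
EVENTS = [
    {"type": "dns", "query": "testediliyor.duckdns.org"},
    {"type": "netconn", "dst_host": "testediliyor.duckdns.org", "dst_port": 1604},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "MicroUpdate", "data": r"C:\Users\bob\Documents\MSDCSC\yasef.exe"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\bob\Documents\MSDCSC\yasef.exe"},
    {"type": "mutex", "name": "DC_MUTEX-S6FT1X7"},
    {"type": "mutex", "name": "DC_MUTEX-ABC1234"},   # another build of the family
    {"type": "process", "image": r"C:\Users\bob\Documents\MSDCSC\yasef.exe"},
    {"type": "dns", "query": "update.microsoft.com"},                       # benign
    {"type": "registry", "key": r"HKCU\Software\Foo", "value": "MicroUpdate",
     "data": "1"},                                                         # same value name, wrong key
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit", "data": r"C:\Windows\system32\userinit.exe,"},  # stock value
]


def match_event(ev, iocs):
    """Return a list of (rule, detail) hits for one event."""
    hits = []
    kind = ev["type"]
    if kind == "dns" and ev["query"].lower() == iocs["c2_host"]:
        hits.append(("c2_dns", ev["query"]))
    elif kind == "netconn":
        if ev["dst_host"].lower() == iocs["c2_host"] and ev["dst_port"] == iocs["c2_port"]:
            hits.append(("c2_connect", f'{ev["dst_host"]}:{ev["dst_port"]}'))
    elif kind == "registry":
        key = ev["key"].lower()
        if key.endswith(r"\currentversion\run") and ev["value"] == iocs["run_value"]:
            hits.append(("run_key", ev["data"]))
        if key.endswith(r"\winlogon") and ev["value"].lower() == "userinit":
            # A stock Userinit value is "userinit.exe," with nothing after the comma;
            # any further comma-separated entry is an appended program.
            extra = [p for p in ev["data"].split(",")[1:] if p.strip()]
            if extra:
                hits.append(("winlogon_userinit", ";".join(extra)))
    elif kind == "mutex":
        if ev["name"] == iocs["mutex"]:
            hits.append(("mutex_exact", ev["name"]))
        elif MUTEX_FAMILY_RE.match(ev["name"]):
            hits.append(("mutex_family", ev["name"]))
    elif kind == "process" and ev["image"].lower().endswith(iocs["install_path_suffix"]):
        hits.append(("dropped_exe", ev["image"]))
    return hits


def scan(events, iocs):
    """Run every event through the rules; returns (event index, rule, detail) tuples."""
    return [(i, rule, detail)
            for i, ev in enumerate(events)
            for rule, detail in match_event(ev, iocs)]


if __name__ == "__main__":
    for idx, rule, detail in scan(EVENTS, iocs_from_config(CONFIG)):
        print(f"event {idx}: {rule} -> {detail}")
```

The Winlogon rule keys on structure (anything after the first comma) rather than on this sample's path, and the mutex family regex catches sibling builds; the Run key rule requires both the Run key and the value name MicroUpdate so that the same value name under an unrelated key does not fire.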