General
-
Target
62495c2cfde10b47d1c2cc907822fec4ca4f8b6e51c9216cf1dfdcc454c8a8d5
-
Size
762KB
-
Sample
220520-ptw1qabgb2
-
MD5
acaedef2c694bd1d58f4cb82ffb6318b
-
SHA1
316f234a5571b199a7d948f541ad3982536c033a
-
SHA256
62495c2cfde10b47d1c2cc907822fec4ca4f8b6e51c9216cf1dfdcc454c8a8d5
-
SHA512
82f718bc54003f0537e7923285ed6d3188e458301f95029d0d273660f643755af5d2654f9acc4f23dd62e8fb15b0e114c308b7cf4dfbd673579f4f1d5b804513
Static task
static1
Behavioral task
behavioral1
Sample
62495c2cfde10b47d1c2cc907822fec4ca4f8b6e51c9216cf1dfdcc454c8a8d5.exe
Resource
win7-20220414-en
Malware Config
Extracted
darkcomet
Читер
62.33.2.50:1111
happycraft.hopto.org:1111
DC_MUTEX-1BX3PA1
-
InstallPath
temp\java.exe
-
gencode
6hPE8cPj7vE4
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
java.exe
Extracted
njrat
im523
HacKed
62.33.2.50:2222
41aabe8f8c6d7c53ac94c0ce4c6ce249
-
reg_key
41aabe8f8c6d7c53ac94c0ce4c6ce249
-
splitter
|'|'|
Targets
-
-
Target
62495c2cfde10b47d1c2cc907822fec4ca4f8b6e51c9216cf1dfdcc454c8a8d5
-
Size
762KB
-
MD5
acaedef2c694bd1d58f4cb82ffb6318b
-
SHA1
316f234a5571b199a7d948f541ad3982536c033a
-
SHA256
62495c2cfde10b47d1c2cc907822fec4ca4f8b6e51c9216cf1dfdcc454c8a8d5
-
SHA512
82f718bc54003f0537e7923285ed6d3188e458301f95029d0d273660f643755af5d2654f9acc4f23dd62e8fb15b0e114c308b7cf4dfbd673579f4f1d5b804513
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
suricata: ET MALWARE Common RAT Connectivity Check Observed
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-