General
-
Target
a0f7c2f2ac9cd595abc825bbed28df20ffdbbf7664269cf3c49c106a267dba62
-
Size
252KB
-
Sample
220521-w68zdabag8
-
MD5
532a6afb45c841f08a0ff9f104559334
-
SHA1
2fe9463e271b50907d72174992f4adf5c5c5eace
-
SHA256
a0f7c2f2ac9cd595abc825bbed28df20ffdbbf7664269cf3c49c106a267dba62
-
SHA512
313db495bc51449b94484e749a2bee932686fabdfcf2e1a6e2c8caa10fe034960408c2f6a9b90f31e3ae55a1881752fab4baf1bae1fc5d14cf073884c358e7a4
Static task
static1
Behavioral task
behavioral1
Sample
a0f7c2f2ac9cd595abc825bbed28df20ffdbbf7664269cf3c49c106a267dba62.exe
Resource
win7-20220414-en
Malware Config
Extracted
darkcomet
stepa_po4ta
triplekill.ddns.net:1604
DC_MUTEX-Y6BWJ5B
-
InstallPath
MSDCSC\proverka_stiller.exe
-
gencode
qsGLcJtz3RXp
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Java
Targets
-
-
Target
a0f7c2f2ac9cd595abc825bbed28df20ffdbbf7664269cf3c49c106a267dba62
-
Size
252KB
-
MD5
532a6afb45c841f08a0ff9f104559334
-
SHA1
2fe9463e271b50907d72174992f4adf5c5c5eace
-
SHA256
a0f7c2f2ac9cd595abc825bbed28df20ffdbbf7664269cf3c49c106a267dba62
-
SHA512
313db495bc51449b94484e749a2bee932686fabdfcf2e1a6e2c8caa10fe034960408c2f6a9b90f31e3ae55a1881752fab4baf1bae1fc5d14cf073884c358e7a4
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-