General
Target: 9320b8cf9eb43952636f26b9d30787dd6dd9bfd6e202006900bcfeb495d0f670
Size: 692KB
Sample: 220521-xyydcagaaq
MD5: 95dba9c1967098ee9ae4a184c91e8043
SHA1: bf692ce0292a6e665ac2d12530c6343bb9175a04
SHA256: 9320b8cf9eb43952636f26b9d30787dd6dd9bfd6e202006900bcfeb495d0f670
SHA512: 5e60d6b6e884f681f659fe1f2ae9ade49316c7e5ae4bc444c34dae38196e1abfc0765798ff17ad0c45d35f0e74883488f04820128e7fbc8d26440bf24e1272b6
Behavioral task: behavioral1
Sample: 9320b8cf9eb43952636f26b9d30787dd6dd9bfd6e202006900bcfeb495d0f670.exe
Resource: win7-20220414-en
Malware Config
Extracted: darkcomet
Botnet: Guest16
C2: 95.190.35.235:1604
Mutex: DC_MUTEX-3ZHZ8MG
InstallPath: MSDCSC\explorer.exe
gencode: W0KYPkPyqZc8
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 9320b8cf9eb43952636f26b9d30787dd6dd9bfd6e202006900bcfeb495d0f670
- Modifies WinLogon for persistence
- Modifies security service
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application