General
-
Target
92760963e6eb5e27406510ce615900b7dd6d2ff618cd88f799bf0cb9ac387bb3
-
Size
254KB
-
Sample
220521-xyzleacge9
-
MD5
175f2d9aebc4ac568a483a86af5e2188
-
SHA1
1883c73576b01e32c59643f00730906058795175
-
SHA256
92760963e6eb5e27406510ce615900b7dd6d2ff618cd88f799bf0cb9ac387bb3
-
SHA512
c1801bccb90550511c23524f01278232bed5e03a6e65b01c5d90d683830083d155a035efe1e5c6b64268f594d64b0d0a064a4eb2e5ec1b0fa9f53f517395ee15
Behavioral task
behavioral1
Sample
92760963e6eb5e27406510ce615900b7dd6d2ff618cd88f799bf0cb9ac387bb3.exe
Resource
win7-20220414-en
Malware Config
Extracted
darkcomet
People
radeiaor111.hopto.org:1604
DC_MUTEX-MYYG5AQ
-
InstallPath
app\update.exe
-
gencode
JRjs4z5EKcwD
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
92760963e6eb5e27406510ce615900b7dd6d2ff618cd88f799bf0cb9ac387bb3
-
Size
254KB
-
MD5
175f2d9aebc4ac568a483a86af5e2188
-
SHA1
1883c73576b01e32c59643f00730906058795175
-
SHA256
92760963e6eb5e27406510ce615900b7dd6d2ff618cd88f799bf0cb9ac387bb3
-
SHA512
c1801bccb90550511c23524f01278232bed5e03a6e65b01c5d90d683830083d155a035efe1e5c6b64268f594d64b0d0a064a4eb2e5ec1b0fa9f53f517395ee15
-
Modifies WinLogon for persistence
-
Modifies security service
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-