General
Target: 49f11c4d10a349111f0ef31e2eb85b4bd2e2322bb583a3140843639baa39134f
Size: 960KB
Sample: 220712-sh3wnsaaf9
MD5: aafeaa06b1e6d52edd89c594e46bea74
SHA1: dcd2e35fdcfa76a31a556a2cbbb56c23bc777e9b
SHA256: 49f11c4d10a349111f0ef31e2eb85b4bd2e2322bb583a3140843639baa39134f
SHA512: faf1121af24950c24785e6eb2868db96981759939bf4deca87965c134e7cce7017cc3d3f3219e5bb22147352ad4675321d8a62b96ce36ad5c3027cfa3bda7aec

Static task: static1
Behavioral task: behavioral1
Sample: 49f11c4d10a349111f0ef31e2eb85b4bd2e2322bb583a3140843639baa39134f.exe
Resource: win7-20220414-en

Malware Config
Extracted: darkcomet
FEB99
iralushina2017.hopto.org:1620
DC_MUTEX-72LNQ7L
InstallPath: MSDCSC\svehost.exe
gencode: vmwR6gb4kYdw
install: true
offline_keylogger: true
password: hhhhhh
persistence: true
reg_key: svehost

Extracted: darkcomet
FEB9
iralushina2017.hopto.org:1620
DC_MUTEX-350P5LS
InstallPath: MSDCSC\svwhost.exe
gencode: y4TaaiFjK2cn
install: true
offline_keylogger: true
password: hhhhhh
persistence: true
reg_key: svwhost

Targets
Target: 49f11c4d10a349111f0ef31e2eb85b4bd2e2322bb583a3140843639baa39134f
Size: 960KB
MD5: aafeaa06b1e6d52edd89c594e46bea74
SHA1: dcd2e35fdcfa76a31a556a2cbbb56c23bc777e9b
SHA256: 49f11c4d10a349111f0ef31e2eb85b4bd2e2322bb583a3140843639baa39134f
SHA512: faf1121af24950c24785e6eb2868db96981759939bf4deca87965c134e7cce7017cc3d3f3219e5bb22147352ad4675321d8a62b96ce36ad5c3027cfa3bda7aec

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)