General
Target: 9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905
Size: 337KB
Sample: 220724-qx8z5aeaf9
MD5: 4f8e31356bf04b080c5ba8e47756c50f
SHA1: 3b5eb07249e213865f1f0f4e779b2db126346c2b
SHA256: 9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905
SHA512: 2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f
Behavioral task: behavioral1
Sample: 9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905.exe
Resource: win7-20220718-en
Malware Config
Extracted family: darkcomet
Botnet/campaign ID: Guest16
C2: globalgarus.bounceme.net:5552
Mutex: DC_MUTEX-1A53RNC
InstallPath: MSDCSC\testinform.exe
gencode: qQc4wjtBrTS4
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905
Size: 337KB
MD5: 4f8e31356bf04b080c5ba8e47756c50f
SHA1: 3b5eb07249e213865f1f0f4e779b2db126346c2b
SHA256: 9b82aa17d4bf5cbeb90702eb219fc0c845abfe8a4e00826d67ac60f6129f9905
SHA512: 2c93d7ffad05bea58635a2445aab9b2a5d050b41c7c940bf74a066b2f4db8e4ecda110c7145a7b7de98904b40f3e8251d9a142cc1aaf4308c653aec26759a71f
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext