General
Target: bead91caaf845e14a7001231698f1144beb8cb8c157a794d74fc1c160d2a3c4d
Size: 756KB
Sample: 220725-ajc3jaefh4
MD5: e9c92662c7d369291871125329171a44
SHA1: c801b48c299553f9b69bf8c9787fc8f2e8f7d777
SHA256: bead91caaf845e14a7001231698f1144beb8cb8c157a794d74fc1c160d2a3c4d
SHA512: 1ffc4ccd4078d316fdaf92c6a69d81f697eb710906484b123ebb0ee53c00a4525d612d50cab96f2ba1793582f7ffab7b9b2e0a99f106f5ca8e482d84380ec37f
Behavioral task: behavioral1
Sample: bead91caaf845e14a7001231698f1144beb8cb8c157a794d74fc1c160d2a3c4d.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: bead91caaf845e14a7001231698f1144beb8cb8c157a794d74fc1c160d2a3c4d.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
Family: darkcomet
Botnet ID: Guest16
C2: clxwer.ddns.net:1604
Mutex: DC_MUTEX-4H8YQZ6
InstallPath: MSDCSC\Java
gencode: w8l5MY1E88kN
install: true
offline_keylogger: true
persistence: false
reg_key: svchost
Targets
Target: bead91caaf845e14a7001231698f1144beb8cb8c157a794d74fc1c160d2a3c4d
Size: 756KB
MD5: e9c92662c7d369291871125329171a44
SHA1: c801b48c299553f9b69bf8c9787fc8f2e8f7d777
SHA256: bead91caaf845e14a7001231698f1144beb8cb8c157a794d74fc1c160d2a3c4d
SHA512: 1ffc4ccd4078d316fdaf92c6a69d81f697eb710906484b123ebb0ee53c00a4525d612d50cab96f2ba1793582f7ffab7b9b2e0a99f106f5ca8e482d84380ec37f
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application