General
-
Target
39d7a5ddfc61d4ce34e76bf080d69a02574705068506ae7508347199336c3f36
-
Size
690KB
-
Sample
220725-aje7wsefh8
-
MD5
b1054ce8f34ae583487bd889bf03fb39
-
SHA1
405a0010eda09b5878596a7d91abf0ffe58634db
-
SHA256
39d7a5ddfc61d4ce34e76bf080d69a02574705068506ae7508347199336c3f36
-
SHA512
5f03041137cb4fb942b96f8d6e2f44849be7d393b9f7231581ad6637d8ebba7864c38defe922f238661dc525e6d2dc726e3e456cbc540f977b13162100629345
Malware Config
Extracted
darkcomet
Guest16
vilivonka.ddns.net:1604
188.163.96.119:1604
DC_MUTEX-TMB3S06
-
InstallPath
MSDCSC\java
-
gencode
LNiB56tYoyU1
-
install
true
-
offline_keylogger
false
-
persistence
false
-
reg_key
svhost
Targets
-
-
Target
39d7a5ddfc61d4ce34e76bf080d69a02574705068506ae7508347199336c3f36
-
Size
690KB
-
MD5
b1054ce8f34ae583487bd889bf03fb39
-
SHA1
405a0010eda09b5878596a7d91abf0ffe58634db
-
SHA256
39d7a5ddfc61d4ce34e76bf080d69a02574705068506ae7508347199336c3f36
-
SHA512
5f03041137cb4fb942b96f8d6e2f44849be7d393b9f7231581ad6637d8ebba7864c38defe922f238661dc525e6d2dc726e3e456cbc540f977b13162100629345
Score10/10-
Modifies WinLogon for persistence
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-