General
- Target: b237e465f6be6ae68fb25474d514718ef29b59601651b19897370ce72ea0d733
- Size: 659KB
- Sample: 220725-e6x4faegh2
- MD5: ab9f0ba9e9a9f560b1a751753bbda072
- SHA1: ab74ddcb47d0f2380f8d6f7033946a0efb57ef05
- SHA256: b237e465f6be6ae68fb25474d514718ef29b59601651b19897370ce72ea0d733
- SHA512: 86468ae3ea2011aa41ee195e4e3afb5775ddaf346987a9c799e61d5efbc9eea31aab442310417bbbbd1a31fe7cf93d49397ec8f85c732b920c110ad64556114c
Behavioral task: behavioral1
- Sample: b237e465f6be6ae68fb25474d514718ef29b59601651b19897370ce72ea0d733.exe
- Resource: win7-20220715-en
Malware Config
Extracted:
- darkcomet
- Guest16
- dark666.ddns.net:4404
- DC_MUTEX-JEQGQ39
- InstallPath: MSDCSC\svchost.exe
- gencode: sfuC1uourBRa
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: svchost
Targets
- Target: b237e465f6be6ae68fb25474d514718ef29b59601651b19897370ce72ea0d733
- Size: 659KB
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application