General
Target: 7d434574ff84cb293111d4ba1b953faa36eb49d8a257539e80b755e3f8fc3224
Size: 658KB
Sample: 221001-3mls3adder
MD5: 6d2af3af93fbb8e1fd8cbfde6fb810c0
SHA1: aa0574609abf1acd8a7e27396548f32e6aac52d7
SHA256: 7d434574ff84cb293111d4ba1b953faa36eb49d8a257539e80b755e3f8fc3224
SHA512: 08feaec307d69c4ef91b91a50c54a0dd8ffde4e12e48681565d7999e82c9d9ceb155ca853d34ffe9a8a8f76c8f5aa9e92c534a476cceb5de060fd08de434e354
SSDEEP: 12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hM:KZ1xuVVjfFoynPaVBUR8f+kN10EBe
Behavioral task
behavioral1
Sample: 7d434574ff84cb293111d4ba1b953faa36eb49d8a257539e80b755e3f8fc3224.exe
Resource: win7-20220901-en
Malware Config
Extracted
darkcomet
Hacked
127.0.0.1:1996
EXMDUUZQTE
InstallPath: IntelUpdate\Intel.exe
gencode: gvuUE7r66tTs
install: true
offline_keylogger: true
persistence: false
reg_key: IntelUpdate
Targets
Target: 7d434574ff84cb293111d4ba1b953faa36eb49d8a257539e80b755e3f8fc3224
Size: 658KB
MD5: 6d2af3af93fbb8e1fd8cbfde6fb810c0
SHA1: aa0574609abf1acd8a7e27396548f32e6aac52d7
SHA256: 7d434574ff84cb293111d4ba1b953faa36eb49d8a257539e80b755e3f8fc3224
SHA512: 08feaec307d69c4ef91b91a50c54a0dd8ffde4e12e48681565d7999e82c9d9ceb155ca853d34ffe9a8a8f76c8f5aa9e92c534a476cceb5de060fd08de434e354
SSDEEP: 12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hM:KZ1xuVVjfFoynPaVBUR8f+kN10EBe
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application