General
Target: f695eb089d4a33afab87887b5779fe39c48e13594c6b3d76e01393eb36da886c
Size: 676KB
Sample: 221002-kyh77shfhq
MD5: 58d950929edcfc0a3f1def7620d62fd0
SHA1: d062ad6abfc4bf4e5491b70b1200ca2ff7922904
SHA256: f695eb089d4a33afab87887b5779fe39c48e13594c6b3d76e01393eb36da886c
SHA512: cf23ac522ef46f3f42be5e79d36e4c189bee8a1d282fdccec12ffb97e7200fcce4f161b17030c8ea5c90d99be7926732b25f4ab25886f8a3e6466021cfec5fb4
SSDEEP: 12288:2QMuiMQn3i8BpVCFeKq9Ipo90lbKSpuQO2tW05l6qK8sWg4gPp73:wrBpMMKGIpu/jJ2EYl6qdgjd
Static task: static1
Behavioral task: behavioral1
Sample: f695eb089d4a33afab87887b5779fe39c48e13594c6b3d76e01393eb36da886c.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: 79.172.26.136:1604
Mutex: DC_MUTEX-HN17VDB
InstallPath: System32\Drivers.exe
gencode: T3NMNGnXGHkl
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: f695eb089d4a33afab87887b5779fe39c48e13594c6b3d76e01393eb36da886c
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.