General

Target: aaaa4c64f72af2fc920b47e4bc325049b0555ea8b54c870e9082b96f34d535de
Size: 738KB
Sample: 221002-snbdlsdfam
MD5: 6091874ab29ffca373d082e83cc5bdc0
SHA1: baf56b8a4f78bf21c42fb32f84cb092c68fc831d
SHA256: aaaa4c64f72af2fc920b47e4bc325049b0555ea8b54c870e9082b96f34d535de
SHA512: abf7a0b7e6fd442cd44b5ad26865d8a70b97007fe73167c483702343fca2e7475064a19eb9f863222d926e99399e6ebdc73b2126b38305cb0c8422791e2cfd34
SSDEEP: 12288:R9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hWeDhyPuJf:LZ1xuVVjfFoynPaVBUR8f+kN10EBk2rf
Behavioral task

behavioral1
Sample: aaaa4c64f72af2fc920b47e4bc325049b0555ea8b54c870e9082b96f34d535de.exe
Resource: win7-20220812-en
Malware Config

Extracted family: darkcomet
Campaign ID: Guest16
C2: 192.168.0.10:1604
Mutex: DC_MUTEX-LSKZ617
InstallPath: MSDCSC\Vevo.exe
gencode: RMoWKDyzeBnh
install: true
offline_keylogger: true
persistence: false
reg_key: MicroU
Targets

Target: aaaa4c64f72af2fc920b47e4bc325049b0555ea8b54c870e9082b96f34d535de (size and hashes as listed under General above)

Signatures:
- Modifies WinLogon for persistence
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application