General
Target: 802bab90c9cf8ae6af2bdecafad3f703b1f4f43ee6637fa89311c1196535284a
Size: 340KB
Sample: 221011-k9f7zsfga4
MD5: 68fac5d1833e4398760285310aa1ad70
SHA1: 2cbc1c53898adee768103477a92431bf6b188df9
SHA256: 802bab90c9cf8ae6af2bdecafad3f703b1f4f43ee6637fa89311c1196535284a
SHA512: 30a80fd01003d0fa2f2601afddc69b05c25eaa856525f72055b663fc8dd1fd6d1129f4d4de1daa248a564632fdc95244e35c276f6bbf22b69852be1da2e750f5
SSDEEP: 6144:O4D5rBufqRqgoCUKLKMgpZbSviaWEdgXLSQH0D3f6dywkp/XoBDw7TvwlDa:RD5pq7zMgpdYaEda30DP6dKoBDeGD
Static task: static1
Behavioral task: behavioral1
Sample: 802bab90c9cf8ae6af2bdecafad3f703b1f4f43ee6637fa89311c1196535284a.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest
C2: 192.168.1.2:1605
C2: mydcrat.no-ip.org:1605
C2: 89.123.179.240:1605
Mutex: DC_MUTEX-G19MRST
InstallPath: Update\Installer.exe
gencode: gfW7XqTSi44u
install: true
offline_keylogger: true
persistence: true
reg_key: Update
Targets
Target: 802bab90c9cf8ae6af2bdecafad3f703b1f4f43ee6637fa89311c1196535284a
Size: 340KB
MD5: 68fac5d1833e4398760285310aa1ad70
SHA1: 2cbc1c53898adee768103477a92431bf6b188df9
SHA256: 802bab90c9cf8ae6af2bdecafad3f703b1f4f43ee6637fa89311c1196535284a
SHA512: 30a80fd01003d0fa2f2601afddc69b05c25eaa856525f72055b663fc8dd1fd6d1129f4d4de1daa248a564632fdc95244e35c276f6bbf22b69852be1da2e750f5
SSDEEP: 6144:O4D5rBufqRqgoCUKLKMgpZbSviaWEdgXLSQH0D3f6dywkp/XoBDw7TvwlDa:RD5pq7zMgpdYaEda30DP6dKoBDeGD
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application