General
- Target: d13019a4b6cadfe2158c2d5618a5138bf83575bd93899ab4539a219b7313e50e
- Size: 283KB
- Sample: 221013-wrkm8sgchj
- MD5: 78827ea6267d6e13deeaabf83c564a30
- SHA1: 358f5b6da89fce5b40bb656f04e96ac9beaa6793
- SHA256: d13019a4b6cadfe2158c2d5618a5138bf83575bd93899ab4539a219b7313e50e
- SHA512: 3588556725d823cb38fd497cea795b9b35a8b0e1e15e0472265bb7060d344b4aaae3d1162e7fcb1ef90da8d2208e29d0853f31f07af4ad48e5e4560cd7010d74
- SSDEEP: 6144:FcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37C:FcW7KEZlPzCy37C
Behavioral task: behavioral1
- Sample: d13019a4b6cadfe2158c2d5618a5138bf83575bd93899ab4539a219b7313e50e.exe
- Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
Hack
slimeftp.ddns.net:1604
DC_MUTEX-QPDTQVV
- InstallPath: friedhost.exe
- gencode: N9ngM7z9Ub0y
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: friedhost.exe
Targets
- Target: d13019a4b6cadfe2158c2d5618a5138bf83575bd93899ab4539a219b7313e50e
- Size: 283KB
- MD5: 78827ea6267d6e13deeaabf83c564a30
- SHA1: 358f5b6da89fce5b40bb656f04e96ac9beaa6793
- SHA256: d13019a4b6cadfe2158c2d5618a5138bf83575bd93899ab4539a219b7313e50e
- SHA512: 3588556725d823cb38fd497cea795b9b35a8b0e1e15e0472265bb7060d344b4aaae3d1162e7fcb1ef90da8d2208e29d0853f31f07af4ad48e5e4560cd7010d74
- SSDEEP: 6144:FcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37C:FcW7KEZlPzCy37C
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application