General
Target: 3e307327c01476afdca19bca143008bd8b5349a34ebcce12399ab07bb27bc3f2
Size: 939KB
Sample: 221014-l2kqwaadc5
MD5: 68546f8bfc470bdd9af61c02f741bd00
SHA1: 3d0e794cbd018c7b4d04c2f3100d7038a0e56cf1
SHA256: 3e307327c01476afdca19bca143008bd8b5349a34ebcce12399ab07bb27bc3f2
SHA512: b8f143810b0da2ee903ed2555f9bf21f3d2389b510ea862e9fcb1f8aff9990fc093e6047511059eb78836998b8d8f3963d1ab592cbf90fbbf20d1b1b8b93492d
SSDEEP: 24576:z9Pwdxc7hNBBIj2tEt7BtLL36TDRwqNPN3cmWGM:zOvKhNTKt7TL36TDRwIV3ct
Behavioral task: behavioral1
Sample: 3e307327c01476afdca19bca143008bd8b5349a34ebcce12399ab07bb27bc3f2.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: undiscoveredl33ts.no-ip.biz:1604
C2: undiscoveredl33ts.no-ip.biz:22
C2: undiscoveredl33ts.no-ip.biz:200
C2: undiscoveredl33ts.no-ip.biz:80
C2: undiscoveredl33ts.no-ip.biz:135
C2: undiscoveredl33ts.no-ip.biz:6372
C2: undiscoveredl33ts.no-ip.biz:6373
C2: undiscoveredl33ts.no-ip.biz:6374
C2: undiscoveredl33ts.no-ip.biz:6375
C2: undiscoveredl33ts.no-ip.biz:6376
C2: undiscoveredl33ts.no-ip.biz:6377
C2: undiscoveredl33ts.no-ip.biz:6378
C2: undiscoveredl33ts.no-ip.biz:6379
C2: undiscoveredl33ts.no-ip.biz:6380
C2: undiscoveredl33ts.no-ip.biz:6381
C2: undiscoveredl33ts.no-ip.biz:6382
C2: undiscoveredl33ts.no-ip.biz:6383
C2: undiscoveredl33ts.no-ip.biz:6384
C2: undiscoveredl33ts.no-ip.biz:6385
C2: undiscoveredl33ts.no-ip.biz:6386
C2: undiscoveredl33ts.no-ip.biz:6387
C2: undiscoveredl33ts.no-ip.biz:6388
C2: undiscoveredl33ts.no-ip.biz:6389
C2: undiscoveredl33ts.no-ip.biz:6390
C2: undiscoveredl33ts.no-ip.biz:6391
C2: undiscoveredl33ts.no-ip.biz:6392
C2: undiscoveredl33ts.no-ip.biz:6393
C2: undiscoveredl33ts.no-ip.biz:6394
C2: undiscoveredl33ts.no-ip.biz:6395
C2: undiscoveredl33ts.no-ip.biz:6396
C2: undiscoveredl33ts.no-ip.biz:6397
C2: undiscoveredl33ts.no-ip.biz:6398
C2: undiscoveredl33ts.no-ip.biz:6400
C2: undiscoveredl33ts.no-ip.biz:6401
C2: undiscoveredl33ts.no-ip.biz:6402
C2: undiscoveredl33ts.no-ip.biz:6403
Mutex: DC_MUTEX-GMSXAGT
InstallPath: msvc\msvcc.exe
gencode: nP2GrKS79iHa
install: true
offline_keylogger: true
persistence: true
reg_key: rundll32
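An added example, not part of the sandbox report or of the sample's own code: a small Python parser for the flattened config layout above (unlabelled header lines, then Field / value pairs separated by "-") that rebuilds the record, renders the C2 ports as ranges so gaps are visible, and derives host and network hunting indicators plus a Suricata DNS rule. The config text is reconstructed from the block above; the Suricata sid range and the rule wording are assumptions, as is the choice to match InstallPath as a path suffix.

```python
# Added example for this report (not sandbox tooling): parse the flattened
# DarkComet config above into a record and derive hunting indicators from it.
import re
from dataclasses import dataclass, field

# Constructed input: rebuilt from the Malware Config block above, in the
# Field / value / '-' layout the sandbox renders.
C2_HOST = "undiscoveredl33ts.no-ip.biz"
C2_PORTS = [1604, 22, 200, 80, 135, *range(6372, 6399), *range(6400, 6404)]
CONFIG_TEXT = "\n".join([
    "darkcomet", "Guest16", *(f"{C2_HOST}:{p}" for p in C2_PORTS), "DC_MUTEX-GMSXAGT",
    "-", "InstallPath", r"msvc\msvcc.exe", "-", "gencode", "nP2GrKS79iHa",
    "-", "install", "true", "-", "offline_keylogger", "true",
    "-", "persistence", "true", "-", "reg_key", "rundll32",
]) + "\n"

C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")
MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")


@dataclass
class DarkCometConfig:
    family: str = ""
    botnet: str = ""          # campaign ID; "Guest16" is the DarkComet builder default
    c2: list = field(default_factory=list)       # (host, port) tuples in report order
    mutex: str = ""
    options: dict = field(default_factory=dict)  # labelled Field -> value pairs


def parse_config(text: str) -> DarkCometConfig:
    """Header lines are unlabelled (family, botnet, C2 entries, mutex); from the
    first '-' on, every option is a '-' / Field / value triplet."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg, i = DarkCometConfig(), 0
    while i < len(lines) and lines[i] != "-":
        ln, m = lines[i], C2_RE.match(lines[i])
        if i == 0:
            cfg.family = ln.lower()
        elif i == 1:
            cfg.botnet = ln
        elif m and 0 < int(m["port"]) < 65536:
            cfg.c2.append((m["host"].lower(), int(m["port"])))
        elif MUTEX_RE.match(ln):
            cfg.mutex = ln
        else:
            raise ValueError(f"unexpected header line {ln!r}")
        i += 1
    while i < len(lines):
        if lines[i] != "-" or i + 2 >= len(lines):
            raise ValueError(f"truncated option block at line {i}")
        cfg.options[lines[i + 1]] = lines[i + 2]
        i += 3
    return cfg


def compress_ports(ports) -> str:
    """Sorted ports as ranges, so gaps stand out (6399 is missing in this build)."""
    ps, out, i = sorted(set(ports)), [], 0
    while i < len(ps):
        j = i
        while j + 1 < len(ps) and ps[j + 1] == ps[j] + 1:
            j += 1
        out.append(str(ps[i]) if i == j else f"{ps[i]}-{ps[j]}")
        i = j + 1
    return ",".join(out)


def hunting_indicators(cfg: DarkCometConfig) -> dict:
    """Host and network artefacts a responder can check for this build."""
    ind = {
        "dns_query": ",".join(sorted({h for h, _ in cfg.c2})),
        "c2_ports": compress_ports(p for _, p in cfg.c2),
        "mutex": cfg.mutex,
        "botnet_id": cfg.botnet,
    }
    # InstallPath is relative in the config, so match on the path suffix (assumption).
    if "InstallPath" in cfg.options:
        ind["dropped_file_suffix"] = cfg.options["InstallPath"].lower()
    # reg_key names the Run value; here it mimics the system binary rundll32.
    if cfg.options.get("persistence") == "true" and "reg_key" in cfg.options:
        ind["run_value_name"] = cfg.options["reg_key"]
    return ind


def suricata_dns_rules(cfg: DarkCometConfig, base_sid: int = 1000001) -> list:
    """One DNS-query rule per C2 host. The sid range is an assumption. A dynamic
    DNS name re-resolves, so alert on the name rather than a resolved IP; the
    low ports (22, 80, 135) overlap legitimate services and are weak on their own."""
    return [
        f'alert dns $HOME_NET any -> any any (msg:"DarkComet C2 DNS lookup {h}"; '
        f'dns.query; content:"{h}"; nocase; endswith; sid:{base_sid + n}; rev:1;)'
        for n, h in enumerate(sorted({h for h, _ in cfg.c2}))
    ]


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for k, v in hunting_indicators(cfg).items():
        print(f"{k:20} {v}")
    print("\n".join(suricata_dns_rules(cfg)))
```

Run as a script it prints the indicator table and the rule. Two things the raw list hides become obvious: the 36 C2 entries collapse to a single dynamic-DNS hostname with ports 22,80,135,200,1604,6372-6398,6400-6403 (6399 is absent), and the only strong network indicator is the hostname itself, since the low ports are shared with legitimate services and a no-ip.biz name can change address at any time. On the host side, the mutex name, the Run value named "rundll32" and a dropped file ending in msvc\msvcc.exe are the artefacts to check.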
Targets
Target: 3e307327c01476afdca19bca143008bd8b5349a34ebcce12399ab07bb27bc3f2 (939KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures triggered:
- Modifies WinLogon for persistence (a Winlogon registry value, such as Userinit or Shell, is changed so the payload starts at logon; the report does not name the value)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Adds Run key to start application (consistent with reg_key "rundll32" and InstallPath msvc\msvcc.exe in the extracted config: the Run value is named after a legitimate system binary)
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext (typical of process hollowing / RunPE-style injection, where code is written into a suspended process and its thread context is redirected to it)