General
- Target: be8b32c5fda66fec2fb82d8fff15011c90c5eaaaf869ae126bfcc61b8e35cb01
- Size: 252KB
- Sample: 221014-l2yyhaadd8
- MD5: 74864d27b17bfb5cc0361f3dad0682f0
- SHA1: 60692c47dc2b281375f4c5cef204a0a398199a8f
- SHA256: be8b32c5fda66fec2fb82d8fff15011c90c5eaaaf869ae126bfcc61b8e35cb01
- SHA512: 711707974581a2476539e17d38aa297fbb6fb8e02d75c0479f8ff2f0fad0a50c846c488137133407e91070c02bbbfd09e82f6f5e51069af1a2435f3ead089704
- SSDEEP: 6144:ncNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:ncW7KEZlPzCy37
Behavioral task
- behavioral1
- Sample: be8b32c5fda66fec2fb82d8fff15011c90c5eaaaf869ae126bfcc61b8e35cb01.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: ASD-1
- C2: 192.168.1.4:1604
- Mutex: DC_MUTEX-31Y1MQ5
- InstallPath: module\reg.exe
- gencode: QVMexaPBr0Rj
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: regedit
Targets
- Target: be8b32c5fda66fec2fb82d8fff15011c90c5eaaaf869ae126bfcc61b8e35cb01
- Size: 252KB
- MD5: 74864d27b17bfb5cc0361f3dad0682f0
- SHA1: 60692c47dc2b281375f4c5cef204a0a398199a8f
- SHA256: be8b32c5fda66fec2fb82d8fff15011c90c5eaaaf869ae126bfcc61b8e35cb01
- SHA512: 711707974581a2476539e17d38aa297fbb6fb8e02d75c0479f8ff2f0fad0a50c846c488137133407e91070c02bbbfd09e82f6f5e51069af1a2435f3ead089704
- SSDEEP: 6144:ncNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:ncW7KEZlPzCy37

Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext