General
Target: 2686156cac511e276a916e343eb5b8207ac0d9e31f852a56a92f4c9a27c5d6ad
Size: 403KB
Sample: 221019-3a5emscgdn
MD5: 92485009de165746dd961984d3df6d10
SHA1: 3ccc52c61f50994d48d6544e7d1d186cfbde2795
SHA256: 2686156cac511e276a916e343eb5b8207ac0d9e31f852a56a92f4c9a27c5d6ad
SHA512: c1beec94cb75e3ec97afd7c94a6abe1793a664aa5d8d1542459852c9208b793cd8b68ce43ee3604a6ab52f8070d2082ca4834d8c0787f90203a8b6da95c3c1d4
SSDEEP: 12288:jZIRXnHrXVHf27amyO35CoXkRDqw2ydy:jmnHrXV/osOJCo0RGwx
Static task: static1
Behavioral task: behavioral1
  Sample: 2686156cac511e276a916e343eb5b8207ac0d9e31f852a56a92f4c9a27c5d6ad.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2686156cac511e276a916e343eb5b8207ac0d9e31f852a56a92f4c9a27c5d6ad.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
Data(17.5)
87.106.76.212:8080
likelike.no-ip.org:8080
kondoor.no-ip.org:8080
DC_MUTEX-PCS0384
InstallPath: Win\tashkost.exe
gencode: AJodwGWgqQNX
install: true
offline_keylogger: true
persistence: true
reg_key: Microsoft Windows Update
Targets
Target: 2686156cac511e276a916e343eb5b8207ac0d9e31f852a56a92f4c9a27c5d6ad
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext