General
- Target: edc3059056a17d92764fe565ba27ab6b03ea9a9e9d31eddc74b19893526f394d
- Size: 772KB
- Sample: 221019-z7ghashbfm
- MD5: a1613b044cd3b96c095bb159d974fdd0
- SHA1: a00a19578d0ce9b20c41b286710ea23119c73dd5
- SHA256: edc3059056a17d92764fe565ba27ab6b03ea9a9e9d31eddc74b19893526f394d
- SHA512: 8271a6d7523f8ab73e41d9beae3cef90aeb17c5be12f8f85a5505acd4ddc70d5a1496481a231dc213bacb2d6b3c5a7e39d5e50009ed8529468cd37e3fde71a0d
- SSDEEP: 12288:2aQX8+MJfkLHpEs4HUY7jYrFOzUnEPO4hYMaEw8HEPvoSrtrcL0Sn39K8AhHCBw:hQX8idEsSlzUnEPOc/wyEPTBc344
Static task: static1
Behavioral task: behavioral1
- Sample: edc3059056a17d92764fe565ba27ab6b03ea9a9e9d31eddc74b19893526f394d.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: edc3059056a17d92764fe565ba27ab6b03ea9a9e9d31eddc74b19893526f394d.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
Guest
poorme.no-ip.biz:2000
DC_MUTEX-V7D2UFA
- InstallPath: MSDCSC\Nod32.exe
- gencode: 1DkFyWqFtAml
- install: true
- offline_keylogger: false
- persistence: true
- reg_key: cmD
Extracted: darkcomet
- gencode
- install: false
- offline_keylogger: false
- persistence: false
Targets
- Target: edc3059056a17d92764fe565ba27ab6b03ea9a9e9d31eddc74b19893526f394d
- Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory