General
Target: 834300555398c6d73c9beda0d6235d9bdc7a973a2162074e87f3c77884efef6f
Size: 784KB
Sample: 221021-ykevhscgg9
MD5: 1e769d83c8b2f427d92fb7c22795b600
SHA1: 69c5993f9bac73d99ad5d0034847d05bd7fe03db
SHA256: 834300555398c6d73c9beda0d6235d9bdc7a973a2162074e87f3c77884efef6f
SHA512: 4207f0b7947e52bd300664f407f301ba7d54c66333c5452cda471e130f72279ac5abdd352856641566b9c7895c7c507b52024a644ccfc57cc049878ab24690f9
SSDEEP: 12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h3FDBEZOzl:mZ1xuVVjfFoynPaVBUR8f+kN10EB1zl
Behavioral task
behavioral1
Sample: 834300555398c6d73c9beda0d6235d9bdc7a973a2162074e87f3c77884efef6f.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
1111
volam2.no-ip.org:1111
DC_MUTEX-GURH78B
InstallPath: explorer.exe
gencode: trPYVnD2QJGW
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 834300555398c6d73c9beda0d6235d9bdc7a973a2162074e87f3c77884efef6f
Size: 784KB
MD5: 1e769d83c8b2f427d92fb7c22795b600
SHA1: 69c5993f9bac73d99ad5d0034847d05bd7fe03db
SHA256: 834300555398c6d73c9beda0d6235d9bdc7a973a2162074e87f3c77884efef6f
SHA512: 4207f0b7947e52bd300664f407f301ba7d54c66333c5452cda471e130f72279ac5abdd352856641566b9c7895c7c507b52024a644ccfc57cc049878ab24690f9
SSDEEP: 12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h3FDBEZOzl:mZ1xuVVjfFoynPaVBUR8f+kN10EB1zl
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application