Resubmissions

Date              Analysis ID         Score
19-11-2022 21:40  221119-1jgzlacd49   8
19-11-2022 13:48  221119-q4ed4adg34   10
19-11-2022 06:26  221119-g7aqmscg91   10
19-11-2022 05:30  221119-f67hjsbc8t   10
15-11-2022 20:50  221115-zm3j2abf6y   10
15-11-2022 20:50  221115-zmpm6sfh23   10
15-11-2022 20:49  221115-zl6kasfg98   10
15-11-2022 20:19  221115-y4ct9sff87   10
14-11-2022 19:39  221114-yc4tnsdb92   10
14-11-2022 19:34  221114-yakb9adb83   10

General
Target: db79d6a667294c81210d9aa4d989f35832e75151863c2d216787028ae673da50
Size: 206KB
Sample: 221115-y4ct9sff87
MD5: 3c6bdf4c6b61e2d4603eafad076aa092
SHA1: 4ac90d351b8b8a135331be1ae059ebb823347fe1
SHA256: 2a6299dfcbcf3186ded295395c7028d651ff178df40d587b531b6bc25f2e3d3f
SHA512: ddaac427bfbf4b1236b1f3d10ab6437eb88d63ec1a44326275eba56d455362e910334931d31b389ef27b51b9e4dde7ab2496ed2ceb5cdff894a86f103351bb37
SSDEEP: 6144:uFr8GBofok1bHyX1heFZU1EwFXGHPEuL+ahZ:uLCfoOTyXGQbFMPEib
Static task: static1
Behavioral task: behavioral1
Sample: db79d6a667294c81210d9aa4d989f35832e75151863c2d216787028ae673da50.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted
Family: darkcomet
Botnet: Guest16
C2: gameservice.ddns.net:4320
Mutex: DC_MUTEX-WBUNVXD
InstallPath: AudioDriver\taskhost.exe
gencode: EWSsWwgyJrUD
install: true
offline_keylogger: true
persistence: false
reg_key: AudioDriver
Targets

Target: db79d6a667294c81210d9aa4d989f35832e75151863c2d216787028ae673da50
Size: 307KB
MD5: 0abe50c1509136bf62d2184ab439e7a5
SHA1: 722a7e2a0dd66f506ba93d24946b8bf504b100c0
SHA256: db79d6a667294c81210d9aa4d989f35832e75151863c2d216787028ae673da50
SHA512: 0c232d1eaf68c0099fb499fcd40bb33cd604f0259a71b853c296e00cc468342de95548ccf61d9e904cef5d34fd94defbb43f844e9f50a51517c7c95ab66862c5
SSDEEP: 6144:Gu0FGLnBOUaLPP7S9dW8dsgMF24raEn2E1a:Gu0wTBOU2Pj6EisgM/uUv
- Detects Smokeloader packer
- Modifies WinLogon for persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
- Sets DLL path for service in the registry
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext