General

Target: 7a39658c3e764db49a93f8246dc600cdd6dfe5472b376ea1f0f50f378c4d5cba
Size: 756KB
Sample: 221119-le54ashh7s
MD5: 530c49bd38b31f7858a2ae6735defa70
SHA1: 56c222a587fc3c14fc64bd249da8499b9172954a
SHA256: 7a39658c3e764db49a93f8246dc600cdd6dfe5472b376ea1f0f50f378c4d5cba
SHA512: 6d8558e9afad76308823d8d1fd6a81beb35ef4d3b717dee5d1a4f3e629f7cafdc6eafcc3bc9a385d8e4ed5098cb4f52a664a2301f03589573f4007787ae33f2b
SSDEEP: 12288:K9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h0:GZ1xuVVjfFoynPaVBUR8f+kN10EBW
Behavioral task

behavioral1
Sample: 7a39658c3e764db49a93f8246dc600cdd6dfe5472b376ea1f0f50f378c4d5cba.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: darkcomet
Botnet (campaign ID): Hacker
C2: leave1.no-ip.biz:1604, leave1.no-ip.biz:25565
Mutex: DC_MUTEX-SF1AS3Y
InstallPath: Adobe.exe
gencode: v3wr0fYZFSSx
install: true
offline_keylogger: true
persistence: true
reg_key: explorer

Both C2 entries point at one dynamic-DNS hostname (no-ip.biz), so block or sinkhole the hostname rather than whatever IP it resolved to at analysis time; 1604 is DarkComet's default listening port and 25565 is a fallback on the same host. The install, persistence and offline_keylogger flags are all set, and reg_key is the value name ("explorer") the client registers under the Run key for the dropped Adobe.exe.
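How a configuration like the one above is recovered, as an added example for this report (not the sandbox's extractor and not code from the sample): it assumes the layout documented for DarkComet 5.x builds, an RC4-encrypted, hex-encoded list of KEY={VALUE} lines stored as the DCDATA resource, decrypted with a fixed per-version key. The three RC4 keys are the publicly documented ones and are an assumption for any particular build; the encrypted sample blob is constructed here from the report's own values so the decoder runs offline.

```python
"""Decode a DarkComet-style configuration blob into the fields shown above.

Added example, not code from the sandbox or the sample. Assumes the
documented DarkComet 5.x layout: RC4-encrypted, hex-encoded KEY={VALUE}
lines (the DCDATA resource). Keys below are publicly documented values and
an assumption for any given build.
"""
import binascii
import re

RC4_KEYS = {  # per-version keys (assumption for any particular build)
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2f": b"#KCMDDC42F#-890",
}
_ENTRY = re.compile(r"^([A-Z0-9_]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_entries(text: str) -> dict:
    """Collect KEY={VALUE} lines; the #BEGIN/#EOF marker lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def normalise(entries: dict) -> dict:
    """Map raw DarkComet keys onto the field names the report uses."""
    def flag(k): return entries.get(k, "0") == "1"
    return {
        "family": "darkcomet",
        "botnet": entries.get("SID", ""),            # campaign ID
        "c2": [h for h in entries.get("NETDATA", "").split("|") if h],
        "mutex": entries.get("MUTEX", ""),
        "InstallPath": entries.get("EDTPATH", ""),
        "gencode": entries.get("GENCODE", ""),
        "install": flag("INSTALL"),
        "offline_keylogger": flag("OFFLINEK"),
        "persistence": flag("PERSINST"),
        "reg_key": entries.get("KEYNAME", ""),
    }


def decode_config(blob: bytes):
    """Try each key; accept the first plaintext carrying a MUTEX entry, else None."""
    data = blob
    if len(blob) % 2 == 0 and re.fullmatch(rb"[0-9A-Fa-f]+", blob):
        data = binascii.unhexlify(blob)       # resource form is hex text
    for version, key in RC4_KEYS.items():
        try:
            text = rc4(key, data).decode("ascii")
        except UnicodeDecodeError:
            continue                          # wrong key: binary garbage
        entries = parse_entries(text)
        if "MUTEX" in entries:
            cfg = normalise(entries)
            cfg["version_key"] = version
            return cfg
    return None


# Constructed sample: this report's values in KEY={VALUE} form, encrypted
# with the 5.1 key and hex-encoded the way the resource stores it.
SAMPLE_PLAINTEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-SF1AS3Y}",
    "SID={Hacker}",
    "NETDATA={leave1.no-ip.biz:1604|leave1.no-ip.biz:25565}",
    "GENCODE={v3wr0fYZFSSx}",
    "INSTALL={1}",
    "EDTPATH={Adobe.exe}",
    "KEYNAME={explorer}",
    "PERSINST={1}",
    "OFFLINEK={1}",
    "#EOF DARKCOMET DATA --",
])
SAMPLE_BLOB = binascii.hexlify(rc4(RC4_KEYS["5.1"], SAMPLE_PLAINTEXT.encode())).upper()

if __name__ == "__main__":
    for field, value in (decode_config(SAMPLE_BLOB) or {}).items():
        print(f"{field}: {value}")
```

Keying the acceptance test on a MUTEX entry rather than on the decryption succeeding is deliberate: RC4 with the wrong key never fails, it just produces noise, so a recognisable structural marker is what tells the keys apart. A real sample's blob comes from its RCDATA resource; on a new build that decodes with none of these keys, the key has changed and must be pulled from the stub.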
Targets

Target: 7a39658c3e764db49a93f8246dc600cdd6dfe5472b376ea1f0f50f378c4d5cba
Size: 756KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above; this is the same file.

Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Adds Run key to start application
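The registry-visible behaviours in that list (Winlogon modification, firewall policy change, RegEdit disabled, Run key added) can be checked on a suspect host from a registry export. The script below is an added example, not the sandbox's own signature logic: it parses a .reg export and reports each of the four behaviours with the evidence it found. The export and the victim paths in it are constructed to look like a host this sample has run on; the key paths are the standard Windows locations, and the check for the dropped file name (Adobe.exe, from the config above) is a parameter you would change per sample.

```python
"""Flag the registry-visible behaviours from the report in a .reg export.

Added example, not the sandbox's signature logic. Handles REG_SZ and DWORD
values only. The sample export below is constructed.
"""
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
FIREWALL = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile")
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Stock value; anything appended after the trailing comma is a foreign logon hook.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"

_KEY = re.compile(r"^\[(.+)\]$")
_VAL = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')


def parse_reg_export(text: str) -> dict:
    """Return {key_path_lower: {value_name_lower: str | int}}."""
    hive, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = m.group(1).lower()
            hive.setdefault(current, {})
            continue
        m = _VAL.match(line)
        if m and current is not None:
            name, s, d = m.groups()
            # .reg doubles backslashes inside string data; undo that.
            hive[current][name.lower()] = s.replace("\\\\", "\\") if s is not None else int(d, 16)
    return hive


def triage(hive: dict, dropped_exe: str = "adobe.exe") -> list:
    """Return (signature, evidence) pairs for the behaviours present."""
    findings = []
    userinit = hive.get(WINLOGON.lower(), {}).get("userinit")
    if isinstance(userinit, str) and userinit.strip().lower() != DEFAULT_USERINIT:
        findings.append(("Modifies WinLogon for persistence", f"Userinit={userinit}"))
    if hive.get(POLICIES.lower(), {}).get("disableregistrytools") == 1:
        findings.append(("Disables RegEdit via registry modification", "DisableRegistryTools=1"))
    if hive.get(FIREWALL.lower(), {}).get("enablefirewall") == 0:
        findings.append(("Modifies firewall policy service", "StandardProfile EnableFirewall=0"))
    for key in RUN_KEYS:
        for name, target in hive.get(key.lower(), {}).items():
            if isinstance(target, str) and target.lower().rstrip().endswith(dropped_exe):
                findings.append(("Adds Run key to start application", f"{name}={target}"))
    return findings


# Constructed .reg export with hypothetical victim paths: Userinit extended,
# RegEdit disabled, firewall off, and a Run value named after the config's
# reg_key ("explorer") pointing at the dropped Adobe.exe.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\AppData\\Roaming\\Adobe.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"explorer"="C:\\Users\\victim\\AppData\\Roaming\\Adobe.exe"
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
'''

if __name__ == "__main__":
    for signature, evidence in triage(parse_reg_export(SAMPLE_EXPORT)):
        print(f"[!] {signature}: {evidence}")
```

The Userinit check compares against the stock value instead of searching for a known bad path, so it catches any appended logon hook, not only this sample's; the Run-key check is the one place the sample-specific file name matters. "Executes dropped EXE" and "Loads dropped DLL" are process-level behaviours and need process or file telemetry rather than a registry export.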