General
Target: ee7fb70f89d6d03a7f1de965c0c5fbad8f94c851d13a7e227cff98213de505d5
Size: 758KB
Sample: 221123-nvjw4shg29
MD5: 2b23159b81ef1d242f48a258d7f7a301
SHA1: 51dd3880027e5a43e056e544adf838c73ebe2673
SHA256: ee7fb70f89d6d03a7f1de965c0c5fbad8f94c851d13a7e227cff98213de505d5
SHA512: 8731b611679fa0fa6b55ac2e16554ab1b28eff45ffb6dfdea49054de8d25f88fde68852b237768be9c09e596c59292bca5bb6e412a029f1a5771d3dee8e17bc2
SSDEEP: 12288:ezSo9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hRX:EZ1xuVVjfFoynPaVBUR8f+kN10EBT
Behavioral task: behavioral1
Sample: ee7fb70f89d6d03a7f1de965c0c5fbad8f94c851d13a7e227cff98213de505d5.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: ee7fb70f89d6d03a7f1de965c0c5fbad8f94c851d13a7e227cff98213de505d5.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
Botnet: Free Virus
C2: ziedje.no-ip.org:1604
Mutex: DC_MUTEX-C6XNY5V
InstallPath: Windowsdll32\wdll32.exe
gencode: 1UHPRJGrWnpA
install: true
offline_keylogger: true
persistence: true
reg_key: Windowsdll32
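The extracted configuration above is what a config decoder produces from the binary's embedded settings. The Python below is an added example, not part of this report and not any sandbox's own extractor: it shows the layout such a decoder works with (a hex-encoded, RC4-encrypted block of KEY={VALUE} lines) and turns the decoded fields into the indicators a responder would hunt for. The resource name DCDATA, the RC4 key #KCMDDC51#-890, the field names (MUTEX, SID, NETDATA, GENCODE, INSTALL, EDTPATH, KEYNAME, PERSINST, OFFLINEK), their mapping onto the report's labels, the "|" separator for multiple C2 entries and the 1604 default port are all assumptions taken from public DarkComet analyses. The ciphertext is constructed inside the block from the values shown above, so nothing is read from a real sample.

```python
"""Decode a DarkComet-style DCDATA config blob and derive host/network IOCs.

Everything DarkComet-specific here (resource name, RC4 key, field names,
separators, default port) is an ASSUMPTION from public write-ups, not a fact
taken from this sandbox report. The encrypted sample is CONSTRUCTED below.
"""
import re

# Assumed: DarkComet 5.x keeps its config in an RT_RCDATA resource named
# "DCDATA" as a hex string of RC4 ciphertext under this constant key.
DC_RC4_KEY = b"#KCMDDC51#-890"
DC_DEFAULT_PORT = 1604  # assumed default when NETDATA omits a port


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so it both encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed plaintext mirroring the fields the report extracted. The
# KEY={VALUE} layout and the field names are assumed; the mapping onto the
# report is GENCODE->gencode, PERSINST->persistence, OFFLINEK->offline_keylogger,
# KEYNAME->reg_key, EDTPATH->InstallPath, SID->Botnet, NETDATA->C2.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-C6XNY5V}\r\n"
    "SID={Free Virus}\r\n"
    "NETDATA={ziedje.no-ip.org:1604}\r\n"
    "GENCODE={1UHPRJGrWnpA}\r\n"
    "INSTALL={1}\r\n"
    "EDTPATH={Windowsdll32\\wdll32.exe}\r\n"
    "KEYNAME={Windowsdll32}\r\n"
    "PERSINST={1}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
# What the resource would look like when dumped: hex of the RC4 output.
SAMPLE_DCDATA_HEX = rc4(DC_RC4_KEY, SAMPLE_PLAINTEXT.encode()).hex().upper()

FIELD_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def decode_dcdata(hex_blob: str) -> dict:
    """Hex-decode, RC4-decrypt and parse KEY={VALUE} lines into a dict."""
    plain = rc4(DC_RC4_KEY, bytes.fromhex(hex_blob)).decode("latin-1")
    cfg = {}
    for line in plain.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def iocs_from_config(cfg: dict) -> dict:
    """Turn raw fields into the indicators a responder would search for."""
    c2 = []
    # Assumed: several C2 entries may be joined with '|'; port may be absent.
    for entry in cfg.get("NETDATA", "").split("|"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if sep and port.isdigit():
            c2.append((host, int(port)))
        else:
            c2.append((entry, DC_DEFAULT_PORT))
    iocs = {
        "c2": c2,
        "mutex": cfg.get("MUTEX"),
        "campaign_id": cfg.get("SID"),
        "winlogon_persistence": cfg.get("PERSINST") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
    }
    if cfg.get("INSTALL") == "1":
        iocs["install_path"] = cfg.get("EDTPATH")   # relative install dir (assumed)
        iocs["run_key_value"] = cfg.get("KEYNAME")  # Run key value name (assumed)
    return iocs


if __name__ == "__main__":
    for k, v in iocs_from_config(decode_dcdata(SAMPLE_DCDATA_HEX)).items():
        print(f"{k}: {v}")
```

The round trip is deliberate: encrypting the constructed plaintext with the same key shows exactly what a dumped resource looks like, and the decoder then has to recover it without any shortcut. On a real sample the input to decode_dcdata would be the string read from the DCDATA resource, and a mutex or C2 that differs from the report's values is the first thing to check when the extractor and the sandbox disagree.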
Targets
Target: ee7fb70f89d6d03a7f1de965c0c5fbad8f94c851d13a7e227cff98213de505d5
Size: 758KB
MD5: 2b23159b81ef1d242f48a258d7f7a301
SHA1: 51dd3880027e5a43e056e544adf838c73ebe2673
SHA256: ee7fb70f89d6d03a7f1de965c0c5fbad8f94c851d13a7e227cff98213de505d5
SHA512: 8731b611679fa0fa6b55ac2e16554ab1b28eff45ffb6dfdea49054de8d25f88fde68852b237768be9c09e596c59292bca5bb6e412a029f1a5771d3dee8e17bc2
SSDEEP: 12288:ezSo9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hRX:EZ1xuVVjfFoynPaVBUR8f+kN10EBT
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
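Two of the signatures above, "Adds Run key to start application" and "Modifies WinLogon for persistence", are the ones a responder can confirm from registry-write telemetry rather than from the sandbox alone. The Python below is an added example, not part of this report: it runs that check over constructed Sysmon-style SetValue events (image, target key, new data). The registry paths, the Userinit and Shell defaults, the list of user-writable directories and the use of the config's reg_key value "Windowsdll32" as a confidence boost are assumptions, and the event lines are made up for the example.

```python
"""Flag Run-key and Winlogon persistence in registry SetValue telemetry.

The events are CONSTRUCTED in a Sysmon Event ID 13 style (image, target
object, new data); none of them come from the report. Registry layouts,
defaults and the DarkComet-specific key name are ASSUMPTIONS for the example.
"""
import re

# Constructed events: (writing process image, target registry object, new value data)
EVENTS = [
    ("C:\\Users\\victim\\Documents\\Windowsdll32\\wdll32.exe",
     "HKU\\S-1-5-21-111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windowsdll32",
     "C:\\Users\\victim\\Documents\\Windowsdll32\\wdll32.exe"),
    ("C:\\Users\\victim\\Documents\\Windowsdll32\\wdll32.exe",
     "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
     "C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\Windowsdll32\\wdll32.exe"),
    ("C:\\Program Files\\Vendor\\updater.exe",
     "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdate",
     "\"C:\\Program Files\\Vendor\\updater.exe\" /background"),
    ("C:\\Windows\\system32\\svchost.exe",
     "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
     "C:\\Windows\\system32\\userinit.exe,"),
]

# Assumed heuristics: locations an unprivileged process can write to, the
# Run/RunOnce key shape, and the two Winlogon values malware commonly abuses.
USER_WRITABLE = re.compile(r"\\users\\|\\appdata\\|\\temp\\|\\programdata\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\([^\\]+)$", re.I)
WINLOGON = re.compile(r"\\winlogon\\(userinit|shell)$", re.I)

# Assumed stock values: Userinit is "<system32>\userinit.exe," and Shell is "explorer.exe".
DEFAULT_WINLOGON = {
    "userinit": lambda e: e.lower().endswith("\\userinit.exe"),
    "shell": lambda e: e.lower() == "explorer.exe",
}

# Assumed: the reg_key value from the extracted config names the Run entry.
KNOWN_KEYNAME = "Windowsdll32"


def analyse(events):
    """Return (rule, severity, target, image) for each persistence write found."""
    findings = []
    for image, target, data in events:
        m = RUN_KEY.search(target)
        if m:
            value_name = m.group(2)
            # A Run entry pointing into (or written from) a user-writable path
            # is the signal; a match on the known key name raises confidence.
            if USER_WRITABLE.search(data) or USER_WRITABLE.search(image):
                sev = "high" if value_name.lower() == KNOWN_KEYNAME.lower() else "medium"
                findings.append(("run_key_user_writable", sev, target, image))
            continue
        m = WINLOGON.search(target)
        if m:
            which = m.group(1).lower()
            entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
            extra = [e for e in entries if not DEFAULT_WINLOGON[which](e)]
            # Anything beyond the stock value is an appended payload.
            if extra:
                findings.append((f"winlogon_{which}_tampered", "high", target, image))
    return findings


if __name__ == "__main__":
    for rule, sev, target, image in analyse(EVENTS):
        print(f"[{sev}] {rule}: {target} <- {image}")
```

The Userinit check compares against the stock value rather than matching a fixed malicious string, so it also catches payloads dropped under a different name; the trade-off is that a legitimate product that appends itself to Userinit will also be flagged, which is usually still worth a look.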