General
- Target: 9a3fbbcf01c2f50da1652108b7d26b020f73b1946b25e2d5637813a226b81c68
- Size: 2.1MB
- Sample: 221125-2xdprsga6z
- MD5: 5392288f58739141bc319d5d9b38a677
- SHA1: acc64f222ee3ab0465d4eecc0e06dcb6f9c8c00c
- SHA256: 9a3fbbcf01c2f50da1652108b7d26b020f73b1946b25e2d5637813a226b81c68
- SHA512: a50e71b104c2ce883a2b9827edc4b0c2012277e28ca0262afbf54ab42323d72f21c71c8b4fbcaac2687f59591d013e13e7e11dc15e3e801ef658972e52a5dceb
- SSDEEP: 49152:0bQDgok30mycUPTVxbBvWOsnCoV3UtzDI9:0bQU/NUPTlvWOIcxDy
Behavioral task: behavioral1
- Sample: 9a3fbbcf01c2f50da1652108b7d26b020f73b1946b25e2d5637813a226b81c68.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 9a3fbbcf01c2f50da1652108b7d26b020f73b1946b25e2d5637813a226b81c68.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
- FaceChat
- jebozovan.no-ip.org:81
- DC_MUTEX-VYZAE9V
- InstallPath: Updater\svchost.exe
- gencode: 7gYDkFuVmVLg
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 9a3fbbcf01c2f50da1652108b7d26b020f73b1946b25e2d5637813a226b81c68
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory