General
Target: eea615efc27f4dbaa20f493226caf399a4f5994fd1493f03ac75deffa81954d2
Size: 675KB
Sample: 221126-kvfmxaae2z
MD5: 0b6ddda7ba995c36b25bf5f562b4104f
SHA1: fd103c9f0ac2f8462f9c8f24bcfe1fca22eb691d
SHA256: eea615efc27f4dbaa20f493226caf399a4f5994fd1493f03ac75deffa81954d2
SHA512: c30e7ec9283f1917b05fdbf952d145837ad407b3bdc5431d78cb6a0f70af3a0192f0373c4fc3aefb7cae9766b0813ba802241a4a51f4b7ae7dbffd42738daab4
SSDEEP: 12288:iat0EAH49n8BGe60O+/CRcDrNnyWP28xRqcrINVeAGXHbH6zAv2P5up+Jit:Nt24Je6BeC2yXKR0reNXHmzA0+
Static task: static1
Behavioral task: behavioral1
  Sample: eea615efc27f4dbaa20f493226caf399a4f5994fd1493f03ac75deffa81954d2.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: eea615efc27f4dbaa20f493226caf399a4f5994fd1493f03ac75deffa81954d2.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
Botnet: Жертва
C2: znz.ddns.net:25565
Mutex: DC_MUTEX-Q6D7RHQ
InstallPath: sv�h�st.exe
gencode: ijcTThqReeek
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: eea615efc27f4dbaa20f493226caf399a4f5994fd1493f03ac75deffa81954d2
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory