General
Target: 179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
Size: 2.2MB
Sample: 221126-pt4qkada78
MD5: 03db752ed2e4a089ff35dd1a339047e2
SHA1: aff6b7424e041ff07f514020c6ecebb516a68812
SHA256: 179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
SHA512: 7566067c0304186696847848a3664a00e1066d4ad76b410d5d9b4871c69ac64a790005df69384ace48afd11b5137e05ad4ddd14d64c6f050598cab750ce561c0
SSDEEP: 49152:n1vqjd/Q1/Ogdlg9Fy+sX8C+Hxi2UcqvnWkhcZfePLaWexR/HR:n1vqju/O2uOX8CqI99vWkhcZfgGWezfR
Static task: static1
Behavioral task: behavioral1
Sample: 179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931.exe
Resource: win7-20221111-en
Malware Config
Extracted family: darkcomet
Botnet: Zombie
C2: musicbox.servemp3.com:2890
Mutex: DC_MUTEX-MNV1PW6
InstallPath: AppSoft\svchost.exe
gencode: zeZBYFmhM4eU
install: true
offline_keylogger: true
persistence: true
reg_key: msnmsgr
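The Malware Config block above is what a DarkComet config extractor produces from the binary. As an added example (not code from the sandbox or from DarkComet itself), the script below does that extraction end to end on a constructed blob: RC4-decrypt with the version keys that public DarkComet decoders use (assumed, since the sample's version is not stated), parse the KEY={value} layout, and map the raw field names (MUTEX, NETDATA, EDTPATH, KEYNAME, PERSINST, OFFLINEK, GENCODE; also an assumption about the config layout) onto the labels used in the report. The encrypted input is built inside the script from the values in the report, so it runs offline.

```python
"""Decrypt and parse a DarkComet-style configuration blob, then derive the
indicators a sandbox summary reports (C2, mutex, install path, Run key name).

Added example, not code from the sandbox report. Assumptions:
  * The RC4 keys below are the per-version keys used by public DarkComet
    config decoders (e.g. "#KCMDDC51#-890" for 5.1 builds); the sample's
    version is not stated on the page, so every key is tried.
  * Real builds store the RC4 output hex-encoded in a DCDATA resource; here
    the blob is CONSTRUCTED by encrypting a plaintext assembled from the
    values in the report, so the whole script runs offline.
  * Field names (MUTEX, NETDATA, EDTPATH, KEYNAME, ...) follow the
    KEY={value} layout of DarkComet configs; the report's labels are mapped
    onto them at the end.
"""
import binascii
import re

DARKCOMET_KEYS = ["#KCMDDC51#-890", "#KCMDDC5#-890",
                  "#KCMDDC42F#-890", "#KCMDDC42#-890"]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


CONFIG_LINE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def parse_config(plaintext: str) -> dict:
    """Collect KEY={value} lines between the BEGIN/EOF DARKCOMET DATA markers."""
    fields, inside = {}, False
    for line in plaintext.splitlines():
        line = line.strip()
        if line.startswith("#BEGIN DARKCOMET DATA"):
            inside = True
        elif line.startswith("#EOF DARKCOMET DATA"):
            break
        elif inside:
            m = CONFIG_LINE.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
    return fields


def decrypt_config(hex_blob: str):
    """Try each known key; return (key, fields) for the first that yields the marker."""
    raw = binascii.unhexlify(hex_blob)
    for key in DARKCOMET_KEYS:
        text = rc4(key.encode(), raw).decode("latin-1")
        if "#BEGIN DARKCOMET DATA" in text:
            return key, parse_config(text)
    raise ValueError("no known DarkComet key decrypted the blob")


def to_report(fields: dict) -> dict:
    """Map raw fields onto the labels used in the sandbox's Malware Config block."""
    c2 = []
    for entry in fields.get("NETDATA", "").split("|"):  # host:port|host:port
        host, sep, port = entry.rpartition(":")
        if sep and port.isdigit():
            c2.append((host, int(port)))
    return {
        "c2": c2,
        "mutex": fields.get("MUTEX"),
        "InstallPath": fields.get("EDTPATH"),
        "gencode": fields.get("GENCODE"),
        "install": fields.get("INSTALL") == "1",
        "offline_keylogger": fields.get("OFFLINEK") == "1",
        "persistence": fields.get("PERSINST") == "1",
        "reg_key": fields.get("KEYNAME"),
    }


# Constructed plaintext using the values from the report (not dumped from the
# binary), and its RC4-encrypted, hex-encoded form as a real resource would hold it.
SAMPLE_PLAINTEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-MNV1PW6}",
    "NETDATA={musicbox.servemp3.com:2890}",
    "INSTALL={1}",
    "EDTPATH={AppSoft\\svchost.exe}",
    "KEYNAME={msnmsgr}",
    "PERSINST={1}",
    "OFFLINEK={1}",
    "GENCODE={zeZBYFmhM4eU}",
    "#EOF DARKCOMET DATA --",
])
SAMPLE_BLOB = binascii.hexlify(
    rc4(b"#KCMDDC51#-890", SAMPLE_PLAINTEXT.encode())).decode()

if __name__ == "__main__":
    key, fields = decrypt_config(SAMPLE_BLOB)
    print("key:", key)
    for k, v in to_report(fields).items():
        print(f"{k}: {v}")
```

Because RC4 with a wrong key yields noise, the presence of the literal BEGIN marker is a safe oracle for the right key; a blob that matches no key raises rather than returning half-parsed garbage.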
Targets
Target: 179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
Size: 2.2MB
MD5: 03db752ed2e4a089ff35dd1a339047e2
SHA1: aff6b7424e041ff07f514020c6ecebb516a68812
SHA256: 179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
SHA512: 7566067c0304186696847848a3664a00e1066d4ad76b410d5d9b4871c69ac64a790005df69384ace48afd11b5137e05ad4ddd14d64c6f050598cab750ce561c0
SSDEEP: 49152:n1vqjd/Q1/Ogdlg9Fy+sX8C+Hxi2UcqvnWkhcZfePLaWexR/HR:n1vqju/O2uOX8CqI99vWkhcZfgGWezfR
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
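Three of the signatures above (WinLogon persistence, RegEdit disabled, Run key added) leave registry artifacts that can be checked on a suspected host. As an added example, not part of the report, the script below parses a Windows .reg export and flags those artifacts using the config values from this sample (reg_key msnmsgr, InstallPath AppSoft\svchost.exe). The .reg text is constructed for the demonstration, and since the report does not say whether Userinit or Shell is the Winlogon value touched, both are inspected.

```python
r"""Check a Windows registry export (.reg text) for the persistence and
anti-analysis artifacts the sandbox flagged: a Run value named after the
config's reg_key (msnmsgr), a Winlogon value that launches the dropped
AppSoft\svchost.exe, and DisableRegistryTools=1 (RegEdit disabled).

Added example, not part of the report. SAMPLE_REG below is constructed,
not captured from the sample; the report does not say whether Userinit or
Shell is the Winlogon value modified, so both are inspected.
"""
import re

# "Name"=value or @=value; .reg escapes backslashes in strings as \\
VALUE_LINE = re.compile(r'^(?:"([^"]+)"|(@))=(.*)$')


def parse_reg(text: str) -> dict:
    """Minimal .reg parser -> {key_path: {value_name: str | int}}."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if not (current and m):
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        raw = m.group(3)
        if raw.startswith("dword:"):
            reg[current][name] = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            reg[current][name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            reg[current][name] = raw  # hex:, expand strings etc. kept verbatim
    return reg


def darkcomet_indicators(reg: dict, run_name: str, dropped_path: str) -> list:
    """Return (kind, key, value_name, value) tuples for the three behaviours."""
    hits = []
    needle = dropped_path.lower()
    for key, values in reg.items():
        k = key.lower()
        if k.endswith(r"\currentversion\run"):
            for name, val in values.items():
                if name.lower() == run_name.lower() or needle in str(val).lower():
                    hits.append(("run_key", key, name, val))
        elif k.endswith(r"\currentversion\winlogon"):
            for name in ("Userinit", "Shell"):
                val = values.get(name, "")
                if needle in str(val).lower():
                    hits.append(("winlogon", key, name, val))
        elif k.endswith(r"\policies\system"):
            if values.get("DisableRegistryTools") == 1:
                hits.append(("regedit_disabled", key, "DisableRegistryTools", 1))
    return hits


# Constructed export mimicking an infected user profile (not from the sample).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\\Users\\victim\\AppData\\Roaming\\AppSoft\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\AppData\\Roaming\\AppSoft\\svchost.exe,"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"""

if __name__ == "__main__":
    for kind, key, name, val in darkcomet_indicators(
            parse_reg(SAMPLE_REG), "msnmsgr", r"AppSoft\svchost.exe"):
        print(f"[{kind}] {key} :: {name} = {val}")
```

The Run-key check matches on either the value name or the dropped path, so a rebuilt sample with a different reg_key but the same install directory is still caught; the Winlogon check deliberately matches on the path only, because a legitimate Userinit line is expected there.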