General

Target: ac8f48948073402bf3304f9912d2f9785dd5ea346aeb90991f76741b3701570c
Size: 668KB
Sample: 221128-n9qm7sgc2s
MD5: 6886a1bd5f1eb69d90d81f79638bf505
SHA1: fd957160ba84f51f5e29886008fc6eb6d48a3419
SHA256: ac8f48948073402bf3304f9912d2f9785dd5ea346aeb90991f76741b3701570c
SHA512: 601b998b4236c63e6d06771a58f66436d744c972ff48671f3fad6626c7dfd4b988c0094583d7e2e4e38b8e0ff633d7f7773c002a76f5b9230e46ed53e21002a9
SSDEEP: 12288:A9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hd:kZ1xuVVjfFoynPaVBUR8f+kN10EBf

Behavioral task

behavioral1
Sample: ac8f48948073402bf3304f9912d2f9785dd5ea346aeb90991f76741b3701570c.exe
Resource: win7-20221111-en

Malware Config

Extracted: darkcomet
Coolpol
instealman.hopto.org:1604
DC_MUTEX-F6XBUWE
InstallPath: Windupdt\winupdate.exe
gencode: 5FHnjxyRWMdT
install: true
offline_keylogger: true
persistence: true
reg_key: winupdater
Targets

Target: ac8f48948073402bf3304f9912d2f9785dd5ea346aeb90991f76741b3701570c (same sample as listed under General; size and hashes as given there)

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory