General

Target: e7985d83ecdab15f5b8632e804d44de22603cc47e93c354926e7983680053288
Size: 990KB
Sample: 221128-p4js5sdh69
MD5: 5086a23012abc78747b04388c176194e
SHA1: 1ad76e30ada1da6d5ea23a610b2fb152e30b3313
SHA256: e7985d83ecdab15f5b8632e804d44de22603cc47e93c354926e7983680053288
SHA512: 5a872e4e944037f2defcc7243b0c296030186858d03190c1c5038ea7b757cec6dae2dd0fdb2a857ae38fa28fbad98abd0c032f5337cc28eeeb8bdfa1537716db
SSDEEP: 12288:hqGB//IR3S76SRXHNdRDzlmORKDuXliz5YceVka0Wr/LYuj://k3SbR3hzsgn10jVWDLj
Static task: static1

Behavioral task: behavioral1
Sample: e7985d83ecdab15f5b8632e804d44de22603cc47e93c354926e7983680053288.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: e7985d83ecdab15f5b8632e804d44de22603cc47e93c354926e7983680053288.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted (family: darkcomet)
Botnet: LUCK
C2: asorocky.ddns.net:1002
Mutex: DC_MUTEX-WGYDBY5
InstallPath: File Protector\protects.exe
gencode: EJleU4UDMxoc
install: true
offline_keylogger: true
persistence: true
reg_key: FileProtector
Targets

Target: e7985d83ecdab15f5b8632e804d44de22603cc47e93c354926e7983680053288
Size: 990KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.

Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext