General
-
Target
cc3f7855682a8b1c89973a2ba57c21af884f5f9487149e1bee8b258161bc7237
-
Size
756KB
-
Sample
221129-rhryqsfg29
-
MD5
7492e20402c6b8b0a59e276bda7319b8
-
SHA1
fbaa2a0b58d6728b0e1dc08d13f9a9132277016e
-
SHA256
cc3f7855682a8b1c89973a2ba57c21af884f5f9487149e1bee8b258161bc7237
-
SHA512
02dfff656da997e75ca0ab99f6f8b51d5cf4d9cd709ff5779a36a8d57a386382c270a06ba31d89f9a417c24ffbb7230238f005815889844c5a38edd7814faa9f
-
SSDEEP
12288:09HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hfU:4Z1xuVVjfFoynPaVBUR8f+kN10EBu
Behavioral task
behavioral1
Sample
cc3f7855682a8b1c89973a2ba57c21af884f5f9487149e1bee8b258161bc7237.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
cc3f7855682a8b1c89973a2ba57c21af884f5f9487149e1bee8b258161bc7237.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
darkcomet
Kurban
emincan.no-ip.org:1604
127.0.0.1:1604
DC_MUTEX-YSZXZA3
-
InstallPath
Windupdt\winupdate.exe
-
gencode
EXR6B1nK6pfE
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Winupdater
Targets
-
-
Target
cc3f7855682a8b1c89973a2ba57c21af884f5f9487149e1bee8b258161bc7237
-
Size
756KB
-
MD5
7492e20402c6b8b0a59e276bda7319b8
-
SHA1
fbaa2a0b58d6728b0e1dc08d13f9a9132277016e
-
SHA256
cc3f7855682a8b1c89973a2ba57c21af884f5f9487149e1bee8b258161bc7237
-
SHA512
02dfff656da997e75ca0ab99f6f8b51d5cf4d9cd709ff5779a36a8d57a386382c270a06ba31d89f9a417c24ffbb7230238f005815889844c5a38edd7814faa9f
-
SSDEEP
12288:09HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hfU:4Z1xuVVjfFoynPaVBUR8f+kN10EBu
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-