General
- Target: cac92ba7a226d877c369403c880f4251391c88409159509e378724b32e57dac5
- Size: 756KB
- Sample: 221129-rhsv2afg33
- MD5: 861bd0deacbaa5ba7f5fe80f78d1f5b4
- SHA1: 59792a6b68904c29cf3baad77f033b64dcca3f5c
- SHA256: cac92ba7a226d877c369403c880f4251391c88409159509e378724b32e57dac5
- SHA512: d0766f0147e5a2f302cd4adf7be5c34c158b42f78de18ae8731d8274ce9a20cadbd568400953a5382c48780136795bb4f0483612c3ac149fecb9a4b51c09de91
- SSDEEP: 12288:u9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hA:6Z1xuVVjfFoynPaVBUR8f+kN10EBq
Behavioral tasks
- behavioral1: Sample cac92ba7a226d877c369403c880f4251391c88409159509e378724b32e57dac5.exe, Resource win7-20221111-en
- behavioral2: Sample cac92ba7a226d877c369403c880f4251391c88409159509e378724b32e57dac5.exe, Resource win10v2004-20220901-en
Malware Config
Extracted: darkcomet
- DrHacker
- drhacker.no-ip.info:81
- DC_MUTEX-4FCVTUB
- InstallPath: system.exe
- gencode: y381anlYCr2s
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: system
Targets
- Target: cac92ba7a226d877c369403c880f4251391c88409159509e378724b32e57dac5
- Size: 756KB
- MD5: 861bd0deacbaa5ba7f5fe80f78d1f5b4
- SHA1: 59792a6b68904c29cf3baad77f033b64dcca3f5c
- SHA256: cac92ba7a226d877c369403c880f4251391c88409159509e378724b32e57dac5
- SHA512: d0766f0147e5a2f302cd4adf7be5c34c158b42f78de18ae8731d8274ce9a20cadbd568400953a5382c48780136795bb4f0483612c3ac149fecb9a4b51c09de91
- SSDEEP: 12288:u9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hA:6Z1xuVVjfFoynPaVBUR8f+kN10EBq
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext