General
-
Target
5c85bfa433b776f2505d65d140c16fcf90b4910546b59324f7501272584619b2
-
Size
772KB
-
Sample
221129-svysgsca66
-
MD5
47a3df044a495ed7c6ba76c035a5551d
-
SHA1
0793db2a77213074fd9b0d494dad66b1368186ba
-
SHA256
5c85bfa433b776f2505d65d140c16fcf90b4910546b59324f7501272584619b2
-
SHA512
7f791219154d97fba2e3d48541f877bb6ee1bd64dc6f63a9ef238cd1161e84994eef85632206d7ccdc0034bd2cb54fcecfdfd4120dc9f79a8b5a26e1cae17617
-
SSDEEP
12288:cf2GiGMBHqhYOJONtMCesfXlKXeR6z6MMRlcT9cYYIJj0j0zpggnT:/GQFQgkC1PMzIlcZdYIJj0qdT
Static task
static1
Behavioral task
behavioral1
Sample
5c85bfa433b776f2505d65d140c16fcf90b4910546b59324f7501272584619b2.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5c85bfa433b776f2505d65d140c16fcf90b4910546b59324f7501272584619b2.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
13.07.12 Crypter
leetaka1337.no-ip.org:1604
DC_MUTEX-JFX5RP1
-
InstallPath
MSDCSC\winhost.exe
-
gencode
lCnq6VNbar2M
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
5c85bfa433b776f2505d65d140c16fcf90b4910546b59324f7501272584619b2
-
Size
772KB
-
MD5
47a3df044a495ed7c6ba76c035a5551d
-
SHA1
0793db2a77213074fd9b0d494dad66b1368186ba
-
SHA256
5c85bfa433b776f2505d65d140c16fcf90b4910546b59324f7501272584619b2
-
SHA512
7f791219154d97fba2e3d48541f877bb6ee1bd64dc6f63a9ef238cd1161e84994eef85632206d7ccdc0034bd2cb54fcecfdfd4120dc9f79a8b5a26e1cae17617
-
SSDEEP
12288:cf2GiGMBHqhYOJONtMCesfXlKXeR6z6MMRlcT9cYYIJj0j0zpggnT:/GQFQgkC1PMzIlcZdYIJj0qdT
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-