General
Target: b93bf2cabe29c7c8bea31910d1f27823b9157805965223dd50edfb92d3290b9f
Size: 1.1MB
Sample: 221130-3gq6laee42
MD5: 3c16c8b682863f1c9d4e3e2441cd6b01
SHA1: 62695fd6b367ffdcff3625769da4ff7c9ba420a1
SHA256: b93bf2cabe29c7c8bea31910d1f27823b9157805965223dd50edfb92d3290b9f
SHA512: 24d7bb48fd33a0886ac698ce9d8007dd7f83689a96b8620891189d9b6cb945f12197760a4b407cc8929d728fe4bf3456b13bdcbe8532dc4575798a6e6a7f11f1
SSDEEP: 24576:jC3X3AxBxmrbPqnScBsDUoo4gNh7Q8mXc8GxI8Pjj:QXQrxnScuD9gNJ8jUBPn
Static task: static1
Behavioral task: behavioral1
Sample: b93bf2cabe29c7c8bea31910d1f27823b9157805965223dd50edfb92d3290b9f.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
Victim
- sockproxy1.no-ip.biz:1604
- 192.168.1.5:1604
- DC_MUTEX-PT8P9TJ
InstallPath: javaupdate.exe
gencode: 2QkGDwVCRYJ0
install: true
offline_keylogger: true
persistence: true
reg_key: javaupdate
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext