General
- Target: 9315cd0bb5ff6c94749b70d3f29df3f770c4508987e0c09e7e5b61b9896ea697
- Size: 341KB
- Sample: 221201-az78lshf69
- MD5: 6229ca5be4d9928440b3d842950f5346
- SHA1: f3653d00a8a870a0437d18f3a4441ede275cbbf0
- SHA256: 9315cd0bb5ff6c94749b70d3f29df3f770c4508987e0c09e7e5b61b9896ea697
- SHA512: 4607bac5b368fbe660ed6e3d3f572951f0d16b6401ba1dd791244ccf73ab15f169b073cdeb70f8bcbc289208bbde17ce96506195683a2566646dcbef498e91bc
- SSDEEP: 6144:Q8XdZ0iRwHoMg8HuRLp5RdHCmP2nwoQKnsv1ieNlBF:bfwIYuRLplCmPswo/sv1ieNlBF
Static task: static1
Behavioral task: behavioral1
- Sample: 9315cd0bb5ff6c94749b70d3f29df3f770c4508987e0c09e7e5b61b9896ea697.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- darkcomet
- csrss
- armyk.no-ip.org:82
- DC_MUTEX-VS1TED3
- InstallPath: wuauclt.exe
- gencode: MKcgY6l5UWgn
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: Windows Update
Targets
- Target: 9315cd0bb5ff6c94749b70d3f29df3f770c4508987e0c09e7e5b61b9896ea697
  - Size: 341KB
  - MD5: 6229ca5be4d9928440b3d842950f5346
  - SHA1: f3653d00a8a870a0437d18f3a4441ede275cbbf0
  - SHA256: 9315cd0bb5ff6c94749b70d3f29df3f770c4508987e0c09e7e5b61b9896ea697
  - SHA512: 4607bac5b368fbe660ed6e3d3f572951f0d16b6401ba1dd791244ccf73ab15f169b073cdeb70f8bcbc289208bbde17ce96506195683a2566646dcbef498e91bc
  - SSDEEP: 6144:Q8XdZ0iRwHoMg8HuRLp5RdHCmP2nwoQKnsv1ieNlBF:bfwIYuRLplCmPswo/sv1ieNlBF
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext