General
- Target: cb15f9234cadbfd951c61339905693f6c8554fa2c89a31028da87774b55870f8
- Size: 396KB
- Sample: 221202-p1kw2ada4y
- MD5: d7f4b00a1c6f756a97bbd409e0e01e28
- SHA1: 7d0325baff23fc02a924c0033d9ca5205770ab94
- SHA256: cb15f9234cadbfd951c61339905693f6c8554fa2c89a31028da87774b55870f8
- SHA512: db4454bcc0bc09952ac46dd18aa9a41971c52624394795c84d81625f3ba1a9f484918379d767b97a0dc9a8f232df10e541f232e42f6211e116aadbb09f896911
- SSDEEP: 6144:yzuqM8bSZzkD9MvPGm7uDwG6tVsa8ez4d6O5Gtl50LyNdsy9eIkZg0ar:j8yE9cuvDkWazhD9dsyMI8cr
Static task: static1
Behavioral task: behavioral1
- Sample: cb15f9234cadbfd951c61339905693f6c8554fa2c89a31028da87774b55870f8.exe
- Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
victima
critical.zapto.org:1604
DC_MUTEX-ADY5V62
- InstallPath: Windsound\soundloader.exe
- gencode: abg2bucWtxxq
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: cb15f9234cadbfd951c61339905693f6c8554fa2c89a31028da87774b55870f8
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext