General
Target: c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500
Size: 347KB
Sample: 221204-v8trssbd53
MD5: eefcea17c245d722fcfe515970a99b24
SHA1: 100f1fa0224e1ae4b79fb661e29a7b22cf0e47fa
SHA256: c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500
SHA512: 23c08bc35f8e3c6e28173f0e6eadabe11638e40c3ec68ef0a6448a70739d340d29a3c3b75f887ed7aa807cfe40cc78b34c1f040fffa51cea87ba14553d4e08bb
SSDEEP: 6144:CUPCHaSrGCFGMQZhKYWqdRBYn58JOBGmtMCANkRfX90OO1+JC5mfT4Neu:G62GiGMBHqhYOJONtMCesfXlKXk7A
Static task: static1
Behavioral task: behavioral1
  Sample: c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet: 13.07.12 Crypter
C2: leetaka1337.no-ip.org:1604
Mutex: DC_MUTEX-JFX5RP1
Attributes
  InstallPath: MSDCSC\winhost.exe
  gencode: lCnq6VNbar2M
  install: true
  offline_keylogger: true
  persistence: false
  reg_key: MicroUpdate
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext