General
-
Target
Bhop Leo X 24 Febrero.rar
-
Size
32.8MB
-
Sample
221229-egv8jscc62
-
MD5
318567a5b9b9c776c27b052c5d504e6b
-
SHA1
060cb6c12a4e1f066c71eac1f3175b776a64049b
-
SHA256
350ff935460423d34cfc24b2624ff9d9fa42f7840782cdd0bb26f14c2298c1e3
-
SHA512
c7d1a0c5adb48dec802101431b487c3b5300be183d9f5d2866f9eb9345737217edbf9ef6315a949233e16e9eca9cc05bd779baa2943e519df9c7ba2aaa7c5895
-
SSDEEP
786432:B5pvNLGHLzk+AdzlrzY5Jg9+Wwd7B5E7GxXhtNTVG:1Y3k+K+/g9+Wi95EOrNTVG
Static task
static1
Malware Config
Extracted
Family
darkcomet
-
Botnet
Guest16
-
C2
gameservice.ddns.net:4320
-
Mutex
DC_MUTEX-WBUNVXD
-
InstallPath
AudioDriver\taskhost.exe
-
gencode
EWSsWwgyJrUD
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
AudioDriver
Targets
-
Target
Bhop Leo X 24 Febrero.rar
-
Size
32.8MB
-
MD5
318567a5b9b9c776c27b052c5d504e6b
-
SHA1
060cb6c12a4e1f066c71eac1f3175b776a64049b
-
SHA256
350ff935460423d34cfc24b2624ff9d9fa42f7840782cdd0bb26f14c2298c1e3
-
SHA512
c7d1a0c5adb48dec802101431b487c3b5300be183d9f5d2866f9eb9345737217edbf9ef6315a949233e16e9eca9cc05bd779baa2943e519df9c7ba2aaa7c5895
-
SSDEEP
786432:B5pvNLGHLzk+AdzlrzY5Jg9+Wwd7B5E7GxXhtNTVG:1Y3k+K+/g9+Wi95EOrNTVG
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (running or not running depending on the victim's locale).
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
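The extracted configuration and the behavioural signatures above can be turned directly into host and network indicators. The following script is an added example, not part of the sandbox report and not code from any project; it takes the DarkComet configuration fields as listed in the report, derives indicators from them (C2 host and port, mutex, relative install path, Run-key value name), and matches them against a handful of constructed telemetry events of the kind a Sysmon-style sensor would produce (DNS query, outbound connection, mutex creation, file creation, registry value set). The `%APPDATA%`-based absolute install directory in the sample events is an assumption for illustration; the report only gives the relative path `AudioDriver\taskhost.exe`. The Winlogon check looks at the `Userinit`/`Shell` values because the "Modifies WinLogon for persistence" signature fired; the exact value the sample touched is not shown on the page.

```python
"""Derive hunt indicators from the extracted DarkComet config and match telemetry.

Added example: the config values are copied from the report; the telemetry
events are constructed for illustration and are not sandbox output.
"""
import re

# Configuration fields exactly as extracted by the sandbox (see report above).
DARKCOMET_CONFIG = {
    "family": "darkcomet",
    "botnet": "Guest16",
    "c2": "gameservice.ddns.net:4320",
    "mutex": "DC_MUTEX-WBUNVXD",
    "InstallPath": r"AudioDriver\taskhost.exe",
    "gencode": "EWSsWwgyJrUD",
    "install": True,
    "offline_keylogger": True,
    "persistence": False,
    "reg_key": "AudioDriver",
}

# Key suffixes that the Run-key and Winlogon persistence signatures refer to.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE)


def indicators_from_config(cfg):
    """Reduce the config to the fields that are observable on a host or the wire."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],                       # exact, case-sensitive
        "install_path": cfg["InstallPath"].lower(),  # relative; base dir unknown
        "run_value": cfg["reg_key"].lower(),         # Run-key value name
    }


def match_event(ev, ioc):
    """Return the list of indicator names that a single telemetry event hits."""
    hits = []
    kind = ev["type"]
    if kind == "dns_query" and ev["query"].lower().rstrip(".") == ioc["c2_host"]:
        hits.append("c2_dns")
    elif kind == "network_connect":
        if ev["dest"].lower() == ioc["c2_host"] and ev["port"] == ioc["c2_port"]:
            hits.append("c2_connect")
    elif kind == "mutex_create" and ev["name"] == ioc["mutex"]:
        hits.append("mutex")
    elif kind == "registry_set":
        data = ev["data"].lower()
        if RUN_KEY_RE.search(ev["key"]) and ev["value"].lower() == ioc["run_value"]:
            hits.append("run_key")
        if WINLOGON_RE.search(ev["key"]) and ioc["install_path"] in data:
            hits.append("winlogon")
        # Any other registry value that points at the dropped binary is still worth flagging.
        if ioc["install_path"] in data and not hits:
            hits.append("install_path_in_registry")
    elif kind in ("file_create", "process_create"):
        if ev["path"].lower().endswith(ioc["install_path"]):
            hits.append("install_path")
    return hits


def scan(events, cfg=DARKCOMET_CONFIG):
    """Return (event_index, indicator) pairs for every event that matches the config."""
    ioc = indicators_from_config(cfg)
    return [(i, h) for i, ev in enumerate(events) for h in match_event(ev, ioc)]


# Constructed sample telemetry (assumption: the RAT installed under %APPDATA%).
_DROP = r"C:\Users\victim\AppData\Roaming\AudioDriver\taskhost.exe"
SAMPLE_EVENTS = [
    {"type": "dns_query", "query": "gameservice.ddns.net"},
    {"type": "network_connect", "dest": "gameservice.ddns.net", "port": 4320},
    {"type": "mutex_create", "name": "DC_MUTEX-WBUNVXD"},
    {"type": "file_create", "path": _DROP},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "AudioDriver", "data": _DROP},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "value": "Userinit", "data": r"C:\Windows\system32\userinit.exe," + _DROP},
    {"type": "dns_query", "query": "update.microsoft.com"},   # benign noise
    {"type": "mutex_create", "name": "Local\\BenignAppMutex"},  # benign noise
]

if __name__ == "__main__":
    for idx, indicator in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {indicator} -> {SAMPLE_EVENTS[idx]}")
```

The mutex and C2 host:port are the most specific indicators here; the Run-key value name `AudioDriver` and the relative path are cheap to rotate between builds, so treat them as supporting evidence rather than stand-alone detections. Dynamic DNS names such as `gameservice.ddns.net` resolve to whatever the operator points them at, so the DNS-query match is more durable than matching a resolved IP address.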