General
- Target: e924ac42c2776f4f205adf4ac16ac9f084268b9dbf98c62bb5332023b2e7afb9
- Size: 1.3MB
- Sample: 230130-azk33scf8w
- MD5: 24042fbaddf020f75245eb4fbbb83c37
- SHA1: 95701bd8e4290dae49be65f568474ec05f0e31bd
- SHA256: e924ac42c2776f4f205adf4ac16ac9f084268b9dbf98c62bb5332023b2e7afb9
- SHA512: 7e7eda6d359c98a93142a534692471c855fec68f31ee32032046f5188c8110cfad60b1c8670bbe1f29b59dc33c2453e23b83d40cb07b1f8b4ad10960ac49d171
- SSDEEP: 12288:ghkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aU0P/DbQhyUek4vIv5Okp3:oRmJkcoQricOIQxiZY1iaU0XDkAS1spa
Static task: static1
Behavioral task: behavioral1
Sample: e924ac42c2776f4f205adf4ac16ac9f084268b9dbf98c62bb5332023b2e7afb9.exe
Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
- 11111
- daynasmith.no-ip.biz:100
- DC_MUTEX-CZZNYJ8
- InstallPath: explorer\explorer.exe
- gencode: u4Tprg0v4gJm
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: explorer.exe
Targets
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext