General
Target: 5e55e6601d8142d98d1d00ac81fb33a543f1a38b4cc1c2f4bcf775bb812e7a01
Size: 349KB
Sample: 230130-e4n3rahb73
MD5: 81cec00ff50a65a390981ef265b16572
SHA1: 58c1f2f4e8bfe780fa2b5d3a4ffcab1216df472c
SHA256: 5e55e6601d8142d98d1d00ac81fb33a543f1a38b4cc1c2f4bcf775bb812e7a01
SHA512: df165430573fd8f929d7649e4a9f407f91cd9f54132553cd3dd667dfeffb6ba061e7c3d0ddbb946cadc32ebd96777b23d9bdcfee125943869de7f15921b69048
SSDEEP: 6144:wcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37xFI2RwplSZkOiu9PZ/p:wcW7KEZlPzCy37xtRPNVR
Behavioral task
behavioral1
Sample: 5e55e6601d8142d98d1d00ac81fb33a543f1a38b4cc1c2f4bcf775bb812e7a01.exe
Resource: win7-20220901-en
Malware Config
Extracted
darkcomet
Chicken
gtdd.no-ip.biz:1105
DC_MUTEX-B13T4XC
InstallPath: MSDCSC\vhost.exe
gencode: QHay4Gs8uSDT
install: true
offline_keylogger: true
password: 11051986
persistence: false
reg_key: MicroUpdate
Targets
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application