General

- Target: omgf.exe
- Size: 334KB
- Sample: 230408-lhtvfacf82
- MD5: 94417934059ba8724ff5933a244441da
- SHA1: 3ac2b1bb84efd7284650ebb25c2a60d4665e8785
- SHA256: d530105c5a60d787d0060424b996e547f3db4b2cfd12d1320d56f3b59a2f34e3
- SHA512: 3a7e6f666bbfc7b054f7d351c54915e16f57339628682fa5ac628619fb6b74e3216a53c79d861ac9f80e211f1df055e7f41f9bd4f83da49ef5883b854e8c2b68
- SSDEEP: 6144:UMMWJH007FoGoyy3GSrsM/XII6aN2Z1sVd+SK6brDgNqpbn+UnCP8NBKKhcKXbJ:pJH0NGoyYYB7Z10s+DgNqR+T8NBKebJ
Static task

- static1
Malware Config

Extracted: darkcomet

- Campaign ID: Guest16
- C2: 147.185.221.212:46856
- Mutex: DC_MUTEX-F4BY55C
- InstallPath: MSDCSC\msdcsc.exe
- gencode: K5uLvFjyQEWC
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets

- Target: omgf.exe
- Size: 334KB
Signatures

- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext