General
Target: Vlauncher.exe
Size: 26.4MB
Sample: 230414-wvs4saba53
MD5: 29af9f200a5555eaf2c91369eeb61ef9
SHA1: e16c1da506b2c570eb0bb0025236fdf49e36d0e5
SHA256: 2ac1ab2ecb9c0ef930dbc8b19fb0af28a75d801fc488ee0fdc8313274af94c10
SHA512: f9d776acdec355a88b018b06c4d6ed96ea19d1584459de3708c11e293c7d8509148c2c3dab272d419af57f7420a66cec7d794c128704282991e02c3f2d80b6d7
SSDEEP: 786432:z18588kf2V8N1gigncPb8Ltt9Vp3kzsOJDtz0uk:qVc1yc+ttT0sOnYj
Static task: static1
Behavioral task: behavioral1
Sample: Vlauncher.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Vlauncher.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
darkcomet
MINEEZ
blackacoleka.ddns.net:81
blackacoleka.ddns.net:1604
185.184.130.37:81
185.184.130.37:1604
DC_MUTEX-QWTG6XT
InstallPath: MSDCSC\msdcsc.exe
gencode: U5loPcxXxbBL
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
MinecraftePIb
blackacoleka.ddns.net:5552
Windows Update
reg_key: Windows Update
splitter: |Hassan|
Targets
Target: Vlauncher.exe
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-