General
-
Target
27babbf7de731d1fe14368b9bcee2299
-
Size
660KB
-
Sample
231231-etpljahahr
-
MD5
27babbf7de731d1fe14368b9bcee2299
-
SHA1
a3d215315c8133b4d17dc0f96a47e8a0e5061f8a
-
SHA256
c771468a116677140a3927659b4f49fc35eb14a4a72d9a8309266edc19d4a9c8
-
SHA512
2e4baf69645ee9d81a03e0ff3294b733acfb2d77c910e684505bf21991db232358a284383bc1d607f9fcffdb280daa57f165646ff288da4cd1dfe967cab7149b
-
SSDEEP
12288:0XhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uc:inAw2WWeFcfbP9VPSPMTSPL/rWvzq4JM
Behavioral task
behavioral1
Sample
27babbf7de731d1fe14368b9bcee2299.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
27babbf7de731d1fe14368b9bcee2299.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
darkcomet
Guest16
klol.no-ip.info:1604
DC_MUTEX-XACN1GV
-
InstallPath
system32\CmDUpdater.exe
-
gencode
0asbWfAvhwx5
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
27babbf7de731d1fe14368b9bcee2299
-
Size
660KB
-
MD5
27babbf7de731d1fe14368b9bcee2299
-
SHA1
a3d215315c8133b4d17dc0f96a47e8a0e5061f8a
-
SHA256
c771468a116677140a3927659b4f49fc35eb14a4a72d9a8309266edc19d4a9c8
-
SHA512
2e4baf69645ee9d81a03e0ff3294b733acfb2d77c910e684505bf21991db232358a284383bc1d607f9fcffdb280daa57f165646ff288da4cd1dfe967cab7149b
-
SSDEEP
12288:0XhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uc:inAw2WWeFcfbP9VPSPMTSPL/rWvzq4JM
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-