General
Target: $$dinamikCristal$$.exe
Size: 746KB
Sample: 240219-ftyd4shh9y
MD5: 54090521d667d44350d72b066c6f242a
SHA1: 20424c81eb3b6bd68467333f7e45e60f7571518a
SHA256: 1c21cb19240f4e2b1ec3490c54a437b84345f41298ccc3d5c17fe8bf3dd16ba3
SHA512: fde7c2f5f2558bf315e567898f93bffa9320670ebddb6bbba66541c3a93f21737398ed7d1dd134086bb9e9cdd00f580f434ac210dd68e57a371df855af3222bc
SSDEEP: 12288:jBdlwHRn+WlYV+8T+tkpeZuCWbKeYQjL7niHpwrcURuwSs/Y:jBkVdlYAKc1WmEjL7niHpwrcU2s/Y

Static task: static1

Malware Config
Extracted family: darkcomet
Botnet ID: Guest16
C2: 4.tcp.eu.ngrok.io:16885
C2: 4.tcp.eu.ngrok.io:1604
Mutex: DC_MUTEX-Z4PMKKC
Attributes:
  gencode: 42mAfR1mKy33
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: $$dinamikCristal$$.exe (hashes as listed under General)
Signatures:
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2: both C2 endpoints in the extracted config are ngrok TCP tunnel hosts (4.tcp.eu.ngrok.io), so the real operator address is hidden behind a legitimate tunnelling service
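The signature list above is only useful to a defender once it is turned into something that runs over telemetry. The following script is an added example, not part of the sandbox report or of any sandbox's own signature code: it takes the extracted C2 list and mutex from this report, flags tunnelling-service hosts in the C2 list, and classifies constructed registry events against the listed behaviours. The DisableRegistryTools and DisableTaskMgr values under Policies\System are documented Windows policy values; the firewall profile key (EnableFirewall under SharedAccess\Parameters\FirewallPolicy\StandardProfile) and the Geo\Nation path used for the location check are assumptions about what the report's signatures match on, as is the DC_MUTEX- naming pattern generalised from the single mutex on this page.

```python
"""Turn this report's extracted config and behaviour signatures into checks.

Added example; the sample events below are constructed, not from the report.
"""
import re
from typing import Optional

# Extracted DarkComet config, copied from the report above.
C2_ENDPOINTS = ["4.tcp.eu.ngrok.io:16885", "4.tcp.eu.ngrok.io:1604"]
MUTEX = "DC_MUTEX-Z4PMKKC"

# Tunnelling services whose hostnames in a C2 list indicate abuse of a
# legitimate hosting service. Only ngrok is attested by the report; extending
# this tuple is an assumption.
TUNNEL_SUFFIXES = (".ngrok.io",)

# DarkComet mutex pattern: the DC_MUTEX- prefix comes from the config above,
# the suffix character class is an assumption.
MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")

# Registry paths behind the listed signatures. Policies\System values are
# documented Windows policy values; the firewall and Geo paths are assumptions
# about which keys the sandbox signatures key on.
POLICY_SYSTEM = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
FIREWALL_PROFILE = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
                    r"\Parameters\FirewallPolicy\StandardProfile")
GEO_NATION = r"HKCU\Control Panel\International\Geo\Nation"


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split 'host:port' as written in the config; reject malformed entries."""
    host, _, port = endpoint.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"bad C2 endpoint: {endpoint!r}")
    return host.lower(), int(port)


def is_tunnel_host(host: str) -> bool:
    return host.lower().endswith(TUNNEL_SUFFIXES)


def is_darkcomet_mutex(name: str) -> bool:
    return MUTEX_RE.match(name) is not None


def classify_registry_event(op: str, path: str,
                            data: Optional[int] = None) -> Optional[str]:
    """Map one registry event to a signature name from the report, or None.

    op is 'set' (value written, data is the DWORD) or 'read'.
    """
    key, _, value = path.rpartition("\\")
    key, value = key.lower(), value.lower()
    if op == "set" and key == POLICY_SYSTEM.lower() and data == 1:
        if value == "disableregistrytools":
            return "Disables RegEdit via registry modification"
        if value == "disabletaskmgr":
            return "Disables Task Manager via registry modification"
    if (op == "set" and key == FIREWALL_PROFILE.lower()
            and value == "enablefirewall" and data == 0):
        return "Modifies firewall policy service"
    if op == "read" and path.lower() == GEO_NATION.lower():
        return "Checks computer location settings"
    return None


def triage(events, c2_endpoints=C2_ENDPOINTS):
    """Return the sorted, de-duplicated set of signatures hit by events + config."""
    hits = set()
    for op, path, data in events:
        sig = classify_registry_event(op, path, data)
        if sig:
            hits.add(sig)
    if any(is_tunnel_host(parse_c2(e)[0]) for e in c2_endpoints):
        hits.add("Legitimate hosting services abused for malware hosting/C2")
    return sorted(hits)


# Constructed registry telemetry (not from the report), as
# (operation, full value path, DWORD written or None for reads).
SAMPLE_EVENTS = [
    ("set", POLICY_SYSTEM + r"\DisableRegistryTools", 1),
    ("set", POLICY_SYSTEM + r"\DisableTaskMgr", 1),
    ("set", FIREWALL_PROFILE + r"\EnableFirewall", 0),
    ("read", GEO_NATION, None),
    ("set", POLICY_SYSTEM + r"\DisableTaskMgr", 0),  # re-enabling: not a hit
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
    print("mutex matches DarkComet pattern:", is_darkcomet_mutex(MUTEX))
```

The firewall and geofence checks are the ones to revisit against your own telemetry source: a sandbox sees the raw registry API call, while an EDR may only surface the key, not the value written, so the `data == 0` / `data == 1` conditions should be relaxed to "any write" if the value is unavailable.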