General
Target: c6d6b33557e9f71bfd7ae7c8fa4b99627e4d1439965bd50ddddfec8a7a0a78eb
Size: 261KB
Sample: 240308-agt82aaa56
MD5: fafb8f0c046acb149cadd466a78d4245
SHA1: 798430ffb105221a01dd03bc77176f0a09493d1e
SHA256: c6d6b33557e9f71bfd7ae7c8fa4b99627e4d1439965bd50ddddfec8a7a0a78eb
SHA512: 0fb7993cc62eb2872dc550eb0d5a5c3334574c330aa8bca384dc24e972ff4a79e3cfbcd49eed89b08b540ae6cbb64342c2fc7a245053b892e50710e11a54854b
SSDEEP: 6144:lcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37n:lcW7KEZlPzCy37n
Behavioral task: behavioral1
Sample: c6d6b33557e9f71bfd7ae7c8fa4b99627e4d1439965bd50ddddfec8a7a0a78eb.exe
Resource: win7-20240221-en
Malware Config
Extracted family: darkcomet
C2 (1): igr15.noip.me:1604
Mutex: DC_MUTEX-79LYMZP
InstallPath: app\CCleaner\CCleaner-resident.exe
gencode: psvXkE5w4SBk
install: true
offline_keylogger: true
persistence: true
reg_key: MSUpdate
Targets
Target: c6d6b33557e9f71bfd7ae7c8fa4b99627e4d1439965bd50ddddfec8a7a0a78eb
Signatures:
- Modifies WinLogon for persistence
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
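The extracted config and the signature list together give the host-level indicators a responder would sweep for on other machines: the Run value name (`MSUpdate`), the install path (`app\CCleaner\CCleaner-resident.exe`), the WinLogon modification, the mutex (`DC_MUTEX-79LYMZP`) and the C2 endpoint (`igr15.noip.me:1604`). The Python below is an added example, not part of this report and not the sandbox's or DarkComet's own code: it checks a `reg export` dump, a list of mutex names and `netstat` output for those indicators. The host data it runs on is constructed for illustration; the `%APPDATA%` install folder in that data is an assumption, since the config only gives a relative InstallPath, and the resolved C2 address `203.0.113.7` is a made-up TEST-NET value.

```python
"""Host-side hunt for the DarkComet indicators extracted in this report.

Added example, not part of the sandbox report.  Sample registry export, mutex
list and netstat lines are constructed; %APPDATA% as the install folder is an
assumption (the config only gives a relative InstallPath).
"""
import re

# Indicators copied from the extracted config above.
IOC_C2_HOST = "igr15.noip.me"
IOC_C2_PORT = 1604                       # DarkComet's default listener port
IOC_MUTEX = "DC_MUTEX-79LYMZP"
IOC_RUN_VALUE = "MSUpdate"               # reg_key: name of the Run value
IOC_INSTALL_TAIL = r"app\ccleaner\ccleaner-resident.exe"   # InstallPath, lower-cased

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
WINLOGON_KEY_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
# Clean Winlogon values; anything appended to them is a logon-time persistence hook.
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe,", "shell": "explorer.exe"}
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+\S+")


def parse_reg_export(text):
    """Parse `reg export` output into {key: {value_name: data}}.
    Only string values are read; .reg files write backslashes doubled."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = REG_VALUE_RE.match(line)
            if m:
                keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def hunt_registry(keys):
    """Flag the Run value from the config and any non-default Winlogon hook."""
    hits = []
    for key, values in keys.items():
        if RUN_KEY_RE.search(key):
            for name, data in values.items():
                if name.lower() == IOC_RUN_VALUE.lower() or IOC_INSTALL_TAIL in data.lower():
                    hits.append(f"run-key persistence: {key}\\{name} -> {data}")
        elif WINLOGON_KEY_RE.search(key):
            for name, data in values.items():
                default = WINLOGON_DEFAULTS.get(name.lower())
                if default is not None and data.lower() != default:
                    hits.append(f"winlogon hook: {key}\\{name} = {data}")
    return hits


def hunt_mutexes(mutexes):
    """The exact mutex is the strongest hit; the DC_MUTEX- prefix is the family default."""
    return [m for m in mutexes if m == IOC_MUTEX or m.startswith("DC_MUTEX-")]


def hunt_netstat(lines, resolved=None):
    """Flag connections to the C2 name, to an address it resolved to, or to port 1604."""
    resolved = resolved or {}
    hits = []
    for line in lines:
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        remote_host, remote_port = m.group(3), int(m.group(4))
        if (remote_host == IOC_C2_HOST
                or remote_host in resolved.get(IOC_C2_HOST, ())
                or remote_port == IOC_C2_PORT):
            hits.append(line.strip())
    return hits


def run_hunt(reg_text, mutexes, netstat_lines, resolved=None):
    return (hunt_registry(parse_reg_export(reg_text))
            + [f"mutex: {m}" for m in hunt_mutexes(mutexes)]
            + [f"c2 connection: {l}" for l in hunt_netstat(netstat_lines, resolved)])


# Constructed sample host state (not taken from the report).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"MSUpdate"="C:\\Users\\victim\\AppData\\Roaming\\app\\CCleaner\\CCleaner-resident.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\AppData\\Roaming\\app\\CCleaner\\CCleaner-resident.exe"
'''
SAMPLE_MUTEXES = ["ShimCacheMutex", "DC_MUTEX-79LYMZP", "Local\\ZonesCacheCounterMutex"]
SAMPLE_NETSTAT = [
    "  TCP    10.0.0.5:49731    40.99.12.34:443    ESTABLISHED    4321",
    "  TCP    10.0.0.5:49802    203.0.113.7:1604   ESTABLISHED    2960",
]
SAMPLE_DNS = {IOC_C2_HOST: {"203.0.113.7"}}   # constructed: what the C2 name resolved to

if __name__ == "__main__":
    for hit in run_hunt(SAMPLE_REG, SAMPLE_MUTEXES, SAMPLE_NETSTAT, SAMPLE_DNS):
        print(hit)
```

The Winlogon check compares against the clean defaults rather than searching for this sample's path, so it also catches a re-packed build that uses a different InstallPath; the port check on 1604 is a weaker, noisier signal and is worth keeping only because DarkComet operators rarely change the default.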