General
  Target: WinLocker_Builder_0.4.exe
  Size: 1.7MB
  Sample: 240311-n4ct6ahg98
  MD5: 410fe67a1b89105486140bb30a6b9ca9
  SHA1: f8d50097c608da77637977f64e7a48f3da7bc092
  SHA256: ff77277245800b3aa373bc1a9e789014ee50af2450133ae10c1569d84f32b2cf
  SHA512: 94dd01181936b14b3b6d638e3aee8016d8674e0c3d5a1b48c4e8e71d6ac940aeb359eeb29fff4abb16585520d0720de0a56d83a866058e6741d9a052486383e5
  SSDEEP: 24576:pGYwefQHQnJceBaVvlW1t39AJ4FsnAwtir2CESobryiGzozFg7c:pGYp5uvC9sAwtUH02c
Static task: static1
Behavioral task: behavioral1
  Sample: WinLocker_Builder_0.4.exe
  Resource: win10-20240221-en
Malware Config
  Extracted: darkcomet
  Guest16
  C2: gameservice.ddns.net:4320
  Mutex: DC_MUTEX-WBUNVXD
  InstallPath: AudioDriver\taskhost.exe
  gencode: EWSsWwgyJrUD
  install: true
  offline_keylogger: true
  persistence: false
  reg_key: AudioDriver
Targets
  Target: WinLocker_Builder_0.4.exe
  Size: 1.7MB
  MD5: 410fe67a1b89105486140bb30a6b9ca9
  SHA1: f8d50097c608da77637977f64e7a48f3da7bc092
  SHA256: ff77277245800b3aa373bc1a9e789014ee50af2450133ae10c1569d84f32b2cf
  SHA512: 94dd01181936b14b3b6d638e3aee8016d8674e0c3d5a1b48c4e8e71d6ac940aeb359eeb29fff4abb16585520d0720de0a56d83a866058e6741d9a052486383e5
  SSDEEP: 24576:pGYwefQHQnJceBaVvlW1t39AJ4FsnAwtir2CESobryiGzozFg7c:pGYp5uvC9sAwtUH02c
  Score: 10/10
  - Modifies WinLogon for persistence
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext