General
Target: 803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
Size: 658KB
Sample: 220520-3wfy6scean
MD5: c9f2633623802b25ef05ed1f0368c6f7
SHA1: 3408dbb4ae9b08f527c25fdcfe3719b45bde95f9
SHA256: 803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
SHA512: 86df127aa8c5ed2f6f1ad1766d8f5f49eec73bd6c8a9898750b260321392b7e7f4ac0d8b81748ab4d308276d8e1fa31bc303d99d750056668fd4b5059880fbd3
Behavioral task
behavioral1
Sample: 803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba.exe
Resource: win7-20220414-en
Malware Config
Extracted
darkcomet
Guest16
tresha.ddns.net:1604
tresha.ddns.net:27015
DC_MUTEX-P6P932C
gencode: C3gbA0cRLfCf
install: false
offline_keylogger: false
persistence: false
Targets
Target: 803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
- Modifies firewall policy service
- Modifies security service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.