General
- Target: 37e0c72ff5d602968aa7c84e60d0690111f99c30cea4aa36381a990ac870c29f
- Size: 690KB
- Sample (analysis ID): 220521-xyw6aacge8
- MD5: 4f2ac7edd1bda1c4e4d629b42ce590ef
- SHA1: 8eb7ad9073f82112d2327b85dc47813666dda5a6
- SHA256: 37e0c72ff5d602968aa7c84e60d0690111f99c30cea4aa36381a990ac870c29f
- SHA512: f22625988d8d284a5212e458a2593950c3e3f8a6667bee246e4be281e2a057d9b642085ad9afb7f9cd647eb4360c214b4de71fc09e6821ab4985a10888e12d55
Behavioral task
- Task: behavioral1
- Sample: 37e0c72ff5d602968aa7c84e60d0690111f99c30cea4aa36381a990ac870c29f.exe
- Resource: win7-20220414-en (Windows 7, English-locale analysis image; the locale matters for the geofence check noted below)
Malware Config
Extracted family: darkcomet
- Campaign ID: Guest16
- C2: 127.0.0.1:1604
- Mutex: DC_MUTEX-RXJB8CR
- gencode: uSoQE9aiZhhD
- install: false
- offline_keylogger: true
- password: 0123456789
- persistence: false
The C2 address is the loopback interface on 1604, DarkComet's default listener port, so the sample as configured cannot reach a remote operator and no outbound beacon should be expected from this run. With install and persistence both off, the artefacts to expect on a host are the runtime mutex and the offline keylogger output rather than an autorun entry. The password is the value an analyst needs to decrypt this build's C2 traffic.
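The following is an added example (my own code, not part of the sandbox report and not DarkComet's code) that turns the extracted config above into hunting artefacts and shows why the extracted password matters: it decodes DarkComet-style C2 traffic with it. It assumes, from public DarkComet v5.x write-ups rather than from this report, that C2 messages are RC4-encrypted and hex-encoded on the wire with the RC4 key being a fixed version prefix ("#KCMDDC51#-890" here; older builds use a different prefix) followed by the configured password, and that "IDTYPE" is the controller's opening token. The "captured" message is constructed inside the block by encrypting that token; it is not taken from a real pcap.

```python
"""
Added example, not from the report or DarkComet: parse the extracted config,
derive hunting IOCs, and decode DarkComet-style traffic with the password.
Assumptions (verify against your sample): RC4 + hex on the wire, RC4 key =
version prefix + password, "IDTYPE" as the controller's first token.
"""
from dataclasses import dataclass

DC_KEY_PREFIX = "#KCMDDC51#-890"  # assumed v5.1 prefix, from public write-ups

# The config block exactly as the report lists it (the "-" separators are ignored).
RAW_CONFIG = """
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-RXJB8CR
gencode
uSoQE9aiZhhD
install
false
offline_keylogger
true
password
0123456789
persistence
false
"""


@dataclass(frozen=True)
class DarkCometConfig:
    family: str
    campaign_id: str
    c2_host: str
    c2_port: int
    mutex: str
    gencode: str
    install: bool
    offline_keylogger: bool
    password: str
    persistence: bool


def parse_config(text: str) -> DarkCometConfig:
    """Parse the flattened report layout: four positional lines, then key/value pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    family, campaign, netdata, mutex = lines[:4]
    kv = dict(zip(lines[4::2], lines[5::2]))
    host, port = netdata.rsplit(":", 1)
    flag = lambda k: kv[k].lower() == "true"
    return DarkCometConfig(family, campaign, host, int(port), mutex, kv["gencode"],
                           flag("install"), flag("offline_keylogger"),
                           kv["password"], flag("persistence"))


def hunting_iocs(cfg: DarkCometConfig) -> dict:
    """Artefacts worth pushing to detection, plus the caveats this config implies."""
    return {
        "mutex": cfg.mutex,
        "c2": f"{cfg.c2_host}:{cfg.c2_port}",
        # Loopback C2 means this build cannot reach an operator: expect no beacon.
        "c2_is_loopback": cfg.c2_host.startswith("127."),
        # With install/persistence off there is no autorun artefact to hunt for.
        "expect_autorun_artifact": cfg.install or cfg.persistence,
        "expect_keylog_file": cfg.offline_keylogger,
    }


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def dc_key(cfg: DarkCometConfig) -> bytes:
    return (DC_KEY_PREFIX + cfg.password).encode("latin-1")


def dc_encode(cfg: DarkCometConfig, plaintext: str) -> str:
    """Sender side: RC4 then upper-case hex, as the message appears on the wire."""
    return rc4(dc_key(cfg), plaintext.encode("latin-1")).hex().upper()


def dc_decode(cfg: DarkCometConfig, wire: str) -> str:
    """Analyst side: hex-decode then RC4 with the key derived from the config."""
    return rc4(dc_key(cfg), bytes.fromhex(wire)).decode("latin-1")


CFG = parse_config(RAW_CONFIG)
# Constructed "capture": the controller's opening IDTYPE under this password.
CAPTURED_HELLO = dc_encode(CFG, "IDTYPE")

if __name__ == "__main__":
    print(hunting_iocs(CFG))
    print(CAPTURED_HELLO, "->", dc_decode(CFG, CAPTURED_HELLO))
```

Feeding a real hex-encoded stream from a pcap into dc_decode with the wrong password yields only noise, which is the practical reason the config extractor's password field is worth recording alongside the mutex and C2.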
Targets
- Target: 37e0c72ff5d602968aa7c84e60d0690111f99c30cea4aa36381a990ac870c29f (690KB)
Behavioral signatures (behavioral1)
- Modifies firewall policy service: changes under the SharedAccess (Windows Firewall) service's FirewallPolicy configuration, the usual way a RAT whitelists itself or turns a profile off.
- Disables RegEdit via registry modification: sets the DisableRegistryTools policy value, so the user cannot open the Registry Editor to inspect or undo the changes.
- Disables Task Manager via registry modification: sets the DisableTaskMgr policy value, keeping the running process out of sight of a casual user.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence; a sample that behaves differently by locale can look inert if the analysis VM reports the wrong region.
- Suspicious use of SetThreadContext: rewriting another thread's context is the standard step in process hollowing and other injection, so the payload may execute inside a process other than the dropped .exe.
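The following is an added example (my own code, not part of the sandbox report) that turns the registry-affecting signatures above into host-triage checks. The registry paths are the standard Windows locations those signature names refer to; the report itself lists none, so confirm them against the full trace. The snapshot format, the sample paths and the values are constructed for the example. The SetThreadContext signature is a runtime injection indicator and leaves no registry artefact, so it is not covered here.

```python
"""
Added example, not from the sandbox report: host-triage checks for the
policy, firewall and geolocation artefacts behind the listed signatures.
Registry paths are standard Windows ones; sample data is constructed.
"""
import sys

POLICY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
FW_PROFILE = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
              r"\FirewallPolicy\StandardProfile")
FW_APPS = FW_PROFILE + r"\AuthorizedApplications\List"
GEO = r"HKCU\Control Panel\International\Geo"
WATCHED_KEYS = (POLICY, FW_PROFILE, FW_APPS, GEO)


def triage(snapshot: dict) -> list:
    """snapshot maps a key path to {value_name: data}; returns readable findings."""
    findings = []
    pol = snapshot.get(POLICY, {})
    if pol.get("DisableRegistryTools", 0) != 0:   # any non-zero value blocks regedit
        findings.append("Registry Editor disabled via policy (DisableRegistryTools)")
    if pol.get("DisableTaskMgr", 0) != 0:
        findings.append("Task Manager disabled via policy (DisableTaskMgr)")
    if snapshot.get(FW_PROFILE, {}).get("EnableFirewall", 1) == 0:
        findings.append("Windows Firewall standard profile turned off")
    for path, rule in snapshot.get(FW_APPS, {}).items():
        # Legacy (XP/7) exception format: "<path>:*:Enabled:<name>"
        if ":Enabled:" in str(rule):
            findings.append(f"Firewall exception authorises {path}")
    return findings


def detonation_geo(snapshot: dict):
    """GEOID the sample read when it 'checked computer location settings'.

    Not an infection artefact: it tells you which locale the analysis VM
    presented, so a geofenced sample can be re-run under a different one.
    """
    return snapshot.get(GEO, {}).get("Nation")


def collect_live_snapshot() -> dict:
    """Read WATCHED_KEYS from the live registry (Windows only)."""
    import winreg  # stdlib on Windows; ImportError elsewhere
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snap = {}
    for full in WATCHED_KEYS:
        hive, _, sub = full.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                vals, i = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(k, i)
                    except OSError:
                        break
                    vals[name] = data
                    i += 1
                snap[full] = vals
        except OSError:
            pass  # key absent: nothing to report for it
    return snap


def mutex_present(name: str) -> bool:
    """Windows only: True if a named mutex (e.g. DC_MUTEX-RXJB8CR) exists right now."""
    import ctypes
    k32 = ctypes.windll.kernel32
    k32.OpenMutexW.restype = ctypes.c_void_p
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    h = k32.OpenMutexW(0x00100000, False, name)  # SYNCHRONIZE access is enough
    if h:
        k32.CloseHandle(h)
        return True
    return False


# Constructed snapshot mirroring what the listed signatures would leave behind.
SAMPLE_SNAPSHOT = {
    POLICY: {"DisableRegistryTools": 1, "DisableTaskMgr": 1},
    FW_PROFILE: {"EnableFirewall": 0},
    FW_APPS: {r"C:\Users\user\Desktop\sample.exe":
              r"C:\Users\user\Desktop\sample.exe:*:Enabled:sample"},
    GEO: {"Nation": "244"},  # stored as a string; 244 is the United States GEOID
}
CLEAN_SNAPSHOT = {POLICY: {}, GEO: {"Nation": "244"}}

if __name__ == "__main__":
    snap = collect_live_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for finding in triage(snap):
        print("[!]", finding)
    print("detonation GEOID:", detonation_geo(snap))
```

On a Windows host run it as-is to read the live keys; pair it with mutex_present("DC_MUTEX-RXJB8CR") from the extracted config to distinguish a still-running instance from leftover policy changes. On any other platform it runs against the constructed snapshot so the logic can be exercised offline.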