General
Target: 6d1a5fa7760661ff4862aa01fc461f5e8260b290b1e97dc33eede2a3d9b66175
Size: 1.6MB
Sample: 220524-3aav2afbfq
MD5: 36a1093ba903a8f60018be5a47b64f4d
SHA1: 29e900950b9f4910bfbb6d40425c4acf9860050d
SHA256: 6d1a5fa7760661ff4862aa01fc461f5e8260b290b1e97dc33eede2a3d9b66175
SHA512: ccc024b732e2b0a9770ce6db9dd5bbbeeeddaa6c6e8ac492eab099abb7354246bc6b2b80b137d6a5215f6648295c1edbc871fcaf6cc55d46eab1c762674f8dd9
Static task: static1
Behavioral task: behavioral1
Sample: 6d1a5fa7760661ff4862aa01fc461f5e8260b290b1e97dc33eede2a3d9b66175.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 6d1a5fa7760661ff4862aa01fc461f5e8260b290b1e97dc33eede2a3d9b66175.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: darkcomet
Sazan
127.0.0.1:1604
DC_MUTEX-XYKG11G
gencode: UtdF4g2keNM8
install: false
offline_keylogger: true
persistence: false
Targets
Target: 6d1a5fa7760661ff4862aa01fc461f5e8260b290b1e97dc33eede2a3d9b66175
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext