General
- Target: 329d1b0ef6c7cff38838a20f5dfa682467aa7810db5890bed748d72cc5fc4db3
- Size: 1.6MB
- Sample: 220525-ct2jzsgbb3
- MD5: 178c2baefb6626687b762086a7162857
- SHA1: 3d5c62f40405adedafc593c36c10e2a270f932c6
- SHA256: 329d1b0ef6c7cff38838a20f5dfa682467aa7810db5890bed748d72cc5fc4db3
- SHA512: 74ae030dc3d18866263fa1730f7c0963b051b2867e6bdfe32251220a964f0d84a67649bdcd06596cc9d91ad0393cb0987af5f29da811cd6d786702e6c88a83fa
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 329d1b0ef6c7cff38838a20f5dfa682467aa7810db5890bed748d72cc5fc4db3.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: 329d1b0ef6c7cff38838a20f5dfa682467aa7810db5890bed748d72cc5fc4db3.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Sazan
- C2: 127.0.0.1:1604
- Mutex: DC_MUTEX-D2H1NG0
- Attributes
  - gencode: Tgf2hTTuGTVx
  - install: false
  - offline_keylogger: true
  - persistence: false
Targets
- Target: 329d1b0ef6c7cff38838a20f5dfa682467aa7810db5890bed748d72cc5fc4db3
- Size: 1.6MB
- MD5: 178c2baefb6626687b762086a7162857
- SHA1: 3d5c62f40405adedafc593c36c10e2a270f932c6
- SHA256: 329d1b0ef6c7cff38838a20f5dfa682467aa7810db5890bed748d72cc5fc4db3
- SHA512: 74ae030dc3d18866263fa1730f7c0963b051b2867e6bdfe32251220a964f0d84a67649bdcd06596cc9d91ad0393cb0987af5f29da811cd6d786702e6c88a83fa
- Score: 10/10

Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext