General
- Target: 4b25575a20e1c416d898cd3e38281e16a9eec5be5dbd8ea4bbcfc3c84332c93b
- Size: 382KB
- Sample: 220712-my1tcshga7
- MD5: 1727e622a856a6b90046baa9d95115cf
- SHA1: 38b574ee6d360c80379eb87dd2d7bf4096bc80d3
- SHA256: 4b25575a20e1c416d898cd3e38281e16a9eec5be5dbd8ea4bbcfc3c84332c93b
- SHA512: 4424507c010b5fad35ac67ff453e2ec81d2e2995debb7118c0801f13b16c81e0ea0ecc0bd00c471e16f670a61c3fe9fdcf25e667c4615b0dccfe627913c3d924
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 4b25575a20e1c416d898cd3e38281e16a9eec5be5dbd8ea4bbcfc3c84332c93b.exe
  - Resource: win7-20220414-en
- Behavioral task: behavioral2
  - Sample: 4b25575a20e1c416d898cd3e38281e16a9eec5be5dbd8ea4bbcfc3c84332c93b.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: darkcomet
- Botnet ID: JDB
- C2: runescape6.no-ip.org:1604 (1604 is the DarkComet default listener port; no-ip.org is a dynamic DNS service, so the hostname is the durable indicator, not whatever IP it resolved to at analysis time)
- Mutex: DC_MUTEX-TC2MWWW
- Attributes:
  - gencode: n72E9o3YwQwo
  - install: false
  - offline_keylogger: true
  - persistence: false
Targets
- Target: 4b25575a20e1c416d898cd3e38281e16a9eec5be5dbd8ea4bbcfc3c84332c93b
- Score: 10/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application: a value was written under a CurrentVersion\Run key so the binary starts at logon. The extracted config reports install=false and persistence=false, so the observed Run-key write and the static config disagree; treat the observed behaviour as authoritative when building indicators.
- Suspicious use of SetThreadContext: setting another thread's context is the call typically used to redirect a suspended process's primary thread into injected code (process hollowing), so child processes spawned by the sample should be inspected for replaced images.
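As an added example (not part of the sandbox report, and not code from DarkComet or the sandbox vendor), the following Python implements the behavioural heuristics behind the last two signatures above, run over a constructed API-call trace. The line format `pid|api|arg=value;arg=value`, the sample trace, and the argument names are assumptions for illustration; in particular it assumes the sandbox has already resolved handles to process/thread IDs and registry key paths.

```python
"""Behavioural heuristics for two signatures in the report above:
Run-key persistence and SetThreadContext-based process hollowing.
Added example; the trace format and sample lines are constructed."""
import re
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*
# Autostart locations: ...\CurrentVersion\Run and \RunOnce under HKCU or HKLM.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Constructed trace, one API call per line: pid|api|arg=value;arg=value
# Assumption: the sandbox has resolved handles to PIDs/TIDs and key paths.
# pid 1000 shows the hollowing sequence plus a Run-key write; pid 2000 calls
# SetThreadContext on a child that was never created suspended (benign here).
SAMPLE_TRACE = """\
1000|CreateProcessW|lpApplicationName=C:\\Windows\\System32\\svchost.exe;dwCreationFlags=0x4;dwProcessId=1234;dwThreadId=1235
1000|VirtualAllocEx|dwProcessId=1234;flProtect=0x40
1000|WriteProcessMemory|dwProcessId=1234;nSize=0x5f000
1000|SetThreadContext|dwThreadId=1235
1000|ResumeThread|dwThreadId=1235
1000|RegSetValueExW|hKey=HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run;lpValueName=UpdateSvc;lpData=C:\\Users\\user\\AppData\\Roaming\\upd.exe
2000|CreateProcessW|lpApplicationName=C:\\Windows\\System32\\cmd.exe;dwCreationFlags=0x0;dwProcessId=3000;dwThreadId=3001
2000|SetThreadContext|dwThreadId=3001
2000|ResumeThread|dwThreadId=3001
"""


@dataclass
class Call:
    pid: int
    api: str
    args: dict


def _value(raw):
    """Hex and decimal arguments become ints; everything else stays a string."""
    if raw.lower().startswith("0x"):
        return int(raw, 16)
    return int(raw) if raw.isdigit() else raw


def parse_trace(text):
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, rest = line.split("|", 2)
        args = {}
        for item in rest.split(";"):
            key, _, val = item.partition("=")
            args[key] = _value(val)
        calls.append(Call(int(pid), api, args))
    return calls


def detect_hollowing(calls):
    """Flag: create child suspended -> write its memory -> SetThreadContext
    on its primary thread -> ResumeThread. A lone SetThreadContext is not
    enough; the ordered chain is what distinguishes hollowing from debuggers."""
    findings = []
    suspended = {}  # (parent pid, child pid) -> state
    by_tid = {}     # (parent pid, primary tid) -> child pid
    for c in calls:
        a = c.args
        if c.api.startswith("CreateProcess") and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            child = a["dwProcessId"]
            suspended[(c.pid, child)] = {"image": a.get("lpApplicationName"),
                                         "written": False, "context_set": False}
            by_tid[(c.pid, a.get("dwThreadId"))] = child
        elif c.api == "WriteProcessMemory":
            st = suspended.get((c.pid, a.get("dwProcessId")))
            if st:
                st["written"] = True
        elif c.api == "SetThreadContext":
            child = by_tid.get((c.pid, a.get("dwThreadId")))
            st = suspended.get((c.pid, child))
            if st and st["written"]:
                st["context_set"] = True
        elif c.api == "ResumeThread":
            child = by_tid.get((c.pid, a.get("dwThreadId")))
            st = suspended.get((c.pid, child))
            if st and st["context_set"]:
                findings.append({"pid": c.pid, "child_pid": child, "image": st["image"],
                                 "technique": "process hollowing"})
                st["context_set"] = False  # report each hollowed child once
    return findings


def detect_run_key(calls):
    """Flag any RegSetValueEx* whose key path ends in CurrentVersion\\Run[Once]."""
    findings = []
    for c in calls:
        if c.api.startswith("RegSetValueEx"):
            key = str(c.args.get("hKey", ""))
            if RUN_KEY_RE.search(key):
                findings.append({"pid": c.pid, "key": key,
                                 "value_name": c.args.get("lpValueName"),
                                 "data": c.args.get("lpData")})
    return findings


def analyze(text):
    calls = parse_trace(text)
    return {"hollowing": detect_hollowing(calls), "run_key": detect_run_key(calls)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_TRACE), indent=2))
```

The hollowing check deliberately keys on the full chain per parent process rather than on SetThreadContext alone; pid 2000 in the constructed trace shows why, since it calls SetThreadContext and ResumeThread without ever having created a suspended child or written into it, and produces no finding.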