General
- Target: 538db7d8c9f70df0bfa7c2bb595c5a0a62a6fc94774215cc5712b68aea4d2cf3
- Size: 756KB
- Sample: 220716-3h8f9sfghk
- MD5: 87128a9efc71d323e5a937ae3e860462
- SHA1: 9a502e1221807eae8e1e69603e29c6c40ab1b18a
- SHA256: 538db7d8c9f70df0bfa7c2bb595c5a0a62a6fc94774215cc5712b68aea4d2cf3
- SHA512: 44bea7619b844a2803f957e1257d82ad112b4f5ae48dbac72433d7ac19821b9f3735fb6a29189749d43261dc117e037429c5d58011400a7d93ab07a8ef1f6b4c
Behavioral task
- behavioral1
- Sample: 538db7d8c9f70df0bfa7c2bb595c5a0a62a6fc94774215cc5712b68aea4d2cf3.exe
- Resource: win7-20220715-en
Malware Config
Extracted
- darkcomet
- Guest16
- zanyar1993.no-ip.biz:1604
- DC_MUTEX-0TX6RSW
- gencode: XQXaShiVPDPE
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 538db7d8c9f70df0bfa7c2bb595c5a0a62a6fc94774215cc5712b68aea4d2cf3
- Size: 756KB
- MD5: 87128a9efc71d323e5a937ae3e860462
- SHA1: 9a502e1221807eae8e1e69603e29c6c40ab1b18a
- SHA256: 538db7d8c9f70df0bfa7c2bb595c5a0a62a6fc94774215cc5712b68aea4d2cf3
- SHA512: 44bea7619b844a2803f957e1257d82ad112b4f5ae48dbac72433d7ac19821b9f3735fb6a29189749d43261dc117e037429c5d58011400a7d93ab07a8ef1f6b4c
- Disables RegEdit via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext