General
Target: 58bc9b0c5e16f64103d96cf3dab84488d9e44de1f17619163665bc30bf388df2
Size: 756KB
Sample: 220724-hgtw9sbaeq
MD5: 29576b605f9b997bbb7bb7290dc63a8b
SHA1: a4ece5227c704039ac4556d8b2d5832404239f93
SHA256: 58bc9b0c5e16f64103d96cf3dab84488d9e44de1f17619163665bc30bf388df2
SHA512: c6d246ca7126a4cd6e828ba6b283c446530d513f8be5ef546fba4e13061e39dad2dfc40c408129999af23960f3a6de3250caac56920f8499d2fcd711e7272b96
Behavioral task
behavioral1
Sample: 58bc9b0c5e16f64103d96cf3dab84488d9e44de1f17619163665bc30bf388df2.exe
Resource: win7-20220715-en
Malware Config
Extracted
Family: darkcomet
Campaign/Server ID: Guest16
C2: zanyar.no-ip.org:1604
Mutex: DC_MUTEX-1RBVPER
gencode: QKx5hvprenAe
install: false
offline_keylogger: true
persistence: false
Targets
- Disables RegEdit via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext