General
Target: 5c5ef078455d17ba4169bbeb41e38698d589ed2e70298403df5e6e208d313bd7
Size: 356KB
Sample: 220801-r7jcwshff4
MD5: 93b88d2fd387095c11fe97a8c97b14d3
SHA1: 0074842f206ae020b5e93ee74922715993ad810a
SHA256: 5c5ef078455d17ba4169bbeb41e38698d589ed2e70298403df5e6e208d313bd7
SHA512: d12943eb82522533ff7125819bce045b9649cd53e6de4801e91ba0700bfbfcb73721c106c05f7ac509c9f3b2facc1c160ac37becb73d4e95e9359e7fddbadcf2
Static task: static1
Behavioral task: behavioral1
Sample: 5c5ef078455d17ba4169bbeb41e38698d589ed2e70298403df5e6e208d313bd7.exe
Resource: win7-20220718-en
Malware Config
Extracted
darkcomet
slave
childsupport.no-ip.biz:13337
unknownpaq.no-ip.biz:6929
DC_MUTEX-JG1WUQR
gencode: kfapUZWkF6Yb
install: false
offline_keylogger: true
persistence: false
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext