General
-
Target
ddd2d7bdce44a310ad556546fea28779c5681038e43173f3f2634b02bb667de7
-
Size
644KB
-
Sample
221003-b7wefscffq
-
MD5
43a0f72e171d7fd4f453df50b0084bf0
-
SHA1
9077d663a1e5f11bc3d321702191322ec27640a2
-
SHA256
ddd2d7bdce44a310ad556546fea28779c5681038e43173f3f2634b02bb667de7
-
SHA512
5ac828f7e5978608c0978fc25dadae168d812d571de222a2dd959e0a5beb4c7c07936fe469f65cc8aa5827822fe6e99fc7227e746e8b7ea85c180d7917002364
-
SSDEEP
12288:BDzjXIrL/9Pz7zZEuur8ci6RuFvvaipMT47mdbgLZVcp5T8zis4tj:lzjWFcAciDp3pdmdbCVcpJQirj
Static task
static1
Behavioral task
behavioral1
Sample
ddd2d7bdce44a310ad556546fea28779c5681038e43173f3f2634b02bb667de7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ddd2d7bdce44a310ad556546fea28779c5681038e43173f3f2634b02bb667de7.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
darkcomet
OZO EGO E MONEY
ozowarac.duckdns.org:3361
GEGGGGGG
-
gencode
w12MLsqVoZu3
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext