General
- Target: 0d0aad71f4f36d995cc2e100b855f9eca73cfd0bd70106b1edba8806a4e8857b
- Size: 479KB
- Sample: 221003-cxlypsccb7
- MD5: 48ed10e52dc849bd40d90c8731ccb4c1
- SHA1: 54ddf9778d9931e85c494c09013e114e2928e952
- SHA256: 0d0aad71f4f36d995cc2e100b855f9eca73cfd0bd70106b1edba8806a4e8857b
- SHA512: b6f62c5c90cba15be639db0e03c3db2a5da4c935e693eee58c39390784453a5afe0c1abb46116cf32b0cfb7135c79d731ca895a74c87f982429101efc3ab70f3
- SSDEEP: 12288:9xzJHcadhEq/0HrGcLmq4Ake8U//dpR46GGQXVf0rJoE2:b9HcmAHP54686dsQ1i
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 0d0aad71f4f36d995cc2e100b855f9eca73cfd0bd70106b1edba8806a4e8857b.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 0d0aad71f4f36d995cc2e100b855f9eca73cfd0bd70106b1edba8806a4e8857b.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Campaign ID: Guest16
- C2: ratinyacomplawl.zapto.org:1604
- Mutex: DC_MUTEX-GL7RQ54
- gencode: iccMZ3YEojkw
- install: false
- offline_keylogger: false
- persistence: false
Targets
- Target: 0d0aad71f4f36d995cc2e100b855f9eca73cfd0bd70106b1edba8806a4e8857b (479KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Score: 10/10
- Signatures:
  - Executes dropped EXE
  - Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext