General
-
Target
c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
-
Size
253KB
-
Sample
221003-tldlmaebdr
-
MD5
4f58ca7bf2bdb17cef34246ae67f0c39
-
SHA1
954c249f615a88ea3072a0bb58f3f439f66defb8
-
SHA256
c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
-
SHA512
f0dd425f38ece5b44465b7a9b023816bb1bf9560650ca184e488f0c8290b7ae548d233d59f36262c402df4ef8302f81b0f25d189eb8ca4240e44c62822154a41
-
SSDEEP
6144:ED7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:El8E4w5huat7UovONzbXw
Behavioral task
behavioral1
Sample
c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
192.168.2.101:1604
87.156.187.155:1604
DC_MUTEX-WP4DNE0
-
gencode
03mWNfCYgk9F
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
-
Size
253KB
-
MD5
4f58ca7bf2bdb17cef34246ae67f0c39
-
SHA1
954c249f615a88ea3072a0bb58f3f439f66defb8
-
SHA256
c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
-
SHA512
f0dd425f38ece5b44465b7a9b023816bb1bf9560650ca184e488f0c8290b7ae548d233d59f36262c402df4ef8302f81b0f25d189eb8ca4240e44c62822154a41
-
SSDEEP
6144:ED7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:El8E4w5huat7UovONzbXw
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-