General
- Target: 3f0ee086800656a7289a10a88129b4529ed681135e6719e98e5c2211f89bef83
- Size: 2.1MB
- Sample: 221013-rvm6bahfc7
- MD5: 7c9f7a338763a8f8787b59a228859bbb
- SHA1: 331a1cc77a9a9bcb3e4e5aaa96956959fa8b8774
- SHA256: 3f0ee086800656a7289a10a88129b4529ed681135e6719e98e5c2211f89bef83
- SHA512: 7f8fd542d88049a58ee269652554479eb64a6f165389c547a1688fb8b4d6a0cb799b0a5a7fe54ea627bf064d9dd451f888018ade77f93edf866c35beccdee304
- SSDEEP: 49152:6bcmHj22vaSAIwz4okMIue9J/DEtyPpFEqpcCZFe1/zdHFpwyfq2K/6+8wH:6wCj3y/3kMId9J7EEPpWtCZFe1/zXXf2
Behavioral task
behavioral1
- Sample: 3f0ee086800656a7289a10a88129b4529ed681135e6719e98e5c2211f89bef83.exe
- Resource: win7-20220901-en
Malware Config
Extracted
darkcomet
- Bot: chotilnw1415.no-ip.biz:81
- DC_MUTEX-AMLJTZU
- gencode: o3WmPEJzkNRt
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 3f0ee086800656a7289a10a88129b4529ed681135e6719e98e5c2211f89bef83
- Size: 2.1MB
- MD5: 7c9f7a338763a8f8787b59a228859bbb
- SHA1: 331a1cc77a9a9bcb3e4e5aaa96956959fa8b8774
- SHA256: 3f0ee086800656a7289a10a88129b4529ed681135e6719e98e5c2211f89bef83
- SHA512: 7f8fd542d88049a58ee269652554479eb64a6f165389c547a1688fb8b4d6a0cb799b0a5a7fe54ea627bf064d9dd451f888018ade77f93edf866c35beccdee304
- SSDEEP: 49152:6bcmHj22vaSAIwz4okMIue9J/DEtyPpFEqpcCZFe1/zdHFpwyfq2K/6+8wH:6wCj3y/3kMId9J7EEPpWtCZFe1/zXXf2
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext