General
- Target: 5222326a77897dfe193608b034f8194317c6c55dc4ae4344b034f1c7bd7e5f12
- Size: 398KB
- Sample: 221019-2vh7gabhe2
- MD5: 922217c73db3cedb750ae07995ffbc4f
- SHA1: 08b31cb1d7ce2f739bf272f70dc90e00d598e427
- SHA256: 5222326a77897dfe193608b034f8194317c6c55dc4ae4344b034f1c7bd7e5f12
- SHA512: 3549fc8e9dfb42e5956c902c7a29774eb1a58d73d1273996c3b403df9d7600333c643fde18799436f8346b98c3c5adcdf8fd6ceea0ca2510441242bc3faa2937
- SSDEEP: 6144:h45diWUQUuvsMH9S3thuiIE4Hmmi0ZQ6JxRZGRHVOLIN:2quvZ9IjO3RUY
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 5222326a77897dfe193608b034f8194317c6c55dc4ae4344b034f1c7bd7e5f12.exe
- Resource: win7-20220901-en
Malware Config
- Extracted: darkcomet
- CS6-07/26
- x631.zapto.org:3404
- DC_MUTEX-HAXYN30
- gencode: UVY1PuB8Wqid
- install: false
- offline_keylogger: true
- password: 59_x631_PMr
- persistence: false
Targets
- Target: 5222326a77897dfe193608b034f8194317c6c55dc4ae4344b034f1c7bd7e5f12
- Size: 398KB
- MD5: 922217c73db3cedb750ae07995ffbc4f
- SHA1: 08b31cb1d7ce2f739bf272f70dc90e00d598e427
- SHA256: 5222326a77897dfe193608b034f8194317c6c55dc4ae4344b034f1c7bd7e5f12
- SHA512: 3549fc8e9dfb42e5956c902c7a29774eb1a58d73d1273996c3b403df9d7600333c643fde18799436f8346b98c3c5adcdf8fd6ceea0ca2510441242bc3faa2937
- SSDEEP: 6144:h45diWUQUuvsMH9S3thuiIE4Hmmi0ZQ6JxRZGRHVOLIN:2quvZ9IjO3RUY

Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext