General
Target: 1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c
Size: 722KB
Sample: 221019-3efbbachhp
MD5: 91830b892702d4496c4ecd45a191d330
SHA1: 7af0492e53b346643a77b04513155cd864af3199
SHA256: 1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c
SHA512: face37fe329a81cc98bc0f8030f6d42f9a659d4fe541e4f2304730abb5957cde476f12af4bc40b8723c110581f50bddbbf401f0b86b0afc0fa2f4e26a717e657
SSDEEP: 12288:vr5sjXgP0xVrcocupwKINhLjNWuwcWd17YBB3Xox2qz+uQ3JuJTXh2v+m:vr+gP+9FpwK5uwcWd5ooRyL5N9
Static task: static1
Behavioral task: behavioral1
  Sample: 1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: darkcomet
Botnet: b_warden0111
C2: warden.zapto.org:34282
Mutex: DC_MUTEX-XTJ4R0M
Attributes
  gencode: StHkpYefFW6V
  install: false
  offline_keylogger: true
  persistence: false
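As an added example, not part of this report or of any sandbox's own extractor: a decoder for the DarkComet 5.x configuration store from which fields like the ones above are recovered. It assumes the layout documented in public analyses of the family: the config is stored as a hex-encoded, RC4-encrypted resource (DCDATA), keyed with a per-version constant such as #KCMDDC51#-890 for 5.1, and decrypts to KEY={VALUE} lines between "#BEGIN DARKCOMET DATA --" and "#EOF DARKCOMET DATA --". The key list and the raw key names (SID, NETDATA, MUTEX, GENCODE, INSTALL, OFFLINEK, PERSINST) are assumptions from those analyses, not something this report states. The sample blob is constructed by encrypting this report's own values with the same RC4 routine, so the script runs offline.

```python
import re
from typing import Dict, List, Optional

# Per-version RC4 keys DarkComet uses for its DCDATA resource
# (assumption: taken from public write-ups, not from the report above).
DARKCOMET_KEYS = [
    "#KCMDDC51#-890",   # 5.1 / 5.3
    "#KCMDDC5#-890",    # 5.0
    "#KCMDDC42F#-890",  # 4.2F
    "#KCMDDC42#-890",   # 4.2
    "#KCMDDC4#-890",    # 4.x
    "#KCMDDC2#-890",    # 2.x
]

BEGIN = "#BEGIN DARKCOMET DATA --"
END = "#EOF DARKCOMET DATA --"
KV = re.compile(r"^([A-Z0-9_]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Symmetric, so it also builds the sample."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_dcdata(hex_blob: str, keys=DARKCOMET_KEYS) -> Optional[str]:
    """Hex-decode the resource and try each version key; only the right
    key produces the BEGIN marker in plaintext. None if nothing matches."""
    try:
        raw = bytes.fromhex(hex_blob.strip())
    except ValueError:
        return None
    for key in keys:
        plain = rc4(key.encode(), raw)
        try:
            text = plain.decode("ascii")
        except UnicodeDecodeError:
            continue
        if text.startswith(BEGIN):
            return text
    return None


def parse_config(text: str) -> Dict[str, str]:
    """Collect KEY={VALUE} lines between the markers into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line in (BEGIN, END):
            continue
        m = KV.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def normalize(fields: Dict[str, str]) -> dict:
    """Map raw DarkComet keys onto the field names used in the report."""
    c2s: List[str] = [h for h in fields.get("NETDATA", "").split("|") if h]
    return {
        "family": "darkcomet",
        "botnet": fields.get("SID"),
        "c2": c2s,
        "mutex": fields.get("MUTEX"),
        "gencode": fields.get("GENCODE"),
        "install": fields.get("INSTALL") == "1",
        "offline_keylogger": fields.get("OFFLINEK") == "1",
        "persistence": fields.get("PERSINST") == "1",
    }


def extract(hex_blob: str) -> Optional[dict]:
    text = decrypt_dcdata(hex_blob)
    return None if text is None else normalize(parse_config(text))


# Constructed sample: this report's values encrypted with the 5.1 key.
SAMPLE_CONFIG = "\r\n".join([
    BEGIN,
    "MUTEX={DC_MUTEX-XTJ4R0M}",
    "SID={b_warden0111}",
    "NETDATA={warden.zapto.org:34282}",
    "GENCODE={StHkpYefFW6V}",
    "INSTALL={0}",
    "OFFLINEK={1}",
    "PERSINST={0}",
    END,
]) + "\r\n"
SAMPLE_DCDATA = rc4(b"#KCMDDC51#-890", SAMPLE_CONFIG.encode()).hex().upper()

if __name__ == "__main__":
    print(extract(SAMPLE_DCDATA))
```

Against a real binary you would read the DCDATA resource (for instance with pefile) and pass its text to extract(); trying every known key and checking for the BEGIN marker avoids guessing the build version first.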
Targets
Target: 1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c
Size: 722KB
MD5: 91830b892702d4496c4ecd45a191d330
SHA1: 7af0492e53b346643a77b04513155cd864af3199
SHA256: 1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c
SHA512: face37fe329a81cc98bc0f8030f6d42f9a659d4fe541e4f2304730abb5957cde476f12af4bc40b8723c110581f50bddbbf401f0b86b0afc0fa2f4e26a717e657
SSDEEP: 12288:vr5sjXgP0xVrcocupwKINhLjNWuwcWd17YBB3Xox2qz+uQ3JuJTXh2v+m:vr+gP+9FpwK5uwcWd5ooRyL5N9
Score: 10/10
Signatures
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext
  Rewriting another thread's context is the step that commonly completes process hollowing or thread hijacking; treat it as an injection indicator.