General
Target: e9ff6f4a20f8f503790936f5a6601d523b0543284d763dedf8525ea5f3ed8e21
Size: 555KB
Sample: 221108-zv6xesaebl
MD5: 0eb34141a4641bfed8aad9ff39e769c0
SHA1: 1db95c652b573a812c54f0d43fee28817d001652
SHA256: e9ff6f4a20f8f503790936f5a6601d523b0543284d763dedf8525ea5f3ed8e21
SHA512: 561aa2635ff79bb88724b38a195faaadb346c5ee4e6bee5f46d7e1bccc511b03edf58885478fd4aa7d8ca0c1f16db15d081440e14cdc70f209d4f1093cc2ad60
SSDEEP: 12288:cgztz6C2jce9DKy4bi1De6wW2gIbJl0ekRzO0FzJAdq:F96zRl+d7luVKmUq
Static task: static1
Behavioral task: behavioral1
Sample: e9ff6f4a20f8f503790936f5a6601d523b0543284d763dedf8525ea5f3ed8e21.exe
Resource: win7-20220901-en
Malware Config
Extracted: darkcomet
Victime
taraji19.no-ip.org:81
DC_MUTEX-PJKYUUB
gencode: 7uBzBgo1DC3L
install: false
offline_keylogger: true
persistence: false
Targets
Target: e9ff6f4a20f8f503790936f5a6601d523b0543284d763dedf8525ea5f3ed8e21
Size: 555KB
MD5: 0eb34141a4641bfed8aad9ff39e769c0
SHA1: 1db95c652b573a812c54f0d43fee28817d001652
SHA256: e9ff6f4a20f8f503790936f5a6601d523b0543284d763dedf8525ea5f3ed8e21
SHA512: 561aa2635ff79bb88724b38a195faaadb346c5ee4e6bee5f46d7e1bccc511b03edf58885478fd4aa7d8ca0c1f16db15d081440e14cdc70f209d4f1093cc2ad60
SSDEEP: 12288:cgztz6C2jce9DKy4bi1De6wW2gIbJl0ekRzO0FzJAdq:F96zRl+d7luVKmUq
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext