General
-
Target: ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
Size: 656KB
Sample: 221123-qm4yesed48
MD5: 43cf563f1ec7d4e846fb8026b25dfd22
SHA1: 8f17ea13d266f6000700264447eebcfca706ac87
SHA256: ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
SHA512: d526402638b4afd4510c7b18beff61b5eb16b2c69a8ec5a6b08b555b6fb52e022c8026b2db69c062f0f3ddb482b3f7ead0140350c2c795236971a2c7e0d302ca
SSDEEP: 12288:p+zAJeM/XzsV9TBhwxPtztYHz4A7dfmHZJXPgu6Z08vm:p+8JX/Xz29TBO1BYT4A7Bmr4u6Z08m
Static task: static1
Behavioral task: behavioral1
Sample: ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf.exe
Resource: win7-20220812-en (analysis VM image: Windows 7, English locale, 2022-08-12 snapshot)
Malware Config
-
Extracted
Family: darkcomet
Botnet: IFY
C2: uche.ddns.net:1604 (dynamic-DNS hostname; 1604 is DarkComet's default listener port)
Mutex: DC_MUTEX-UU8NM43
Attributes
gencode: 8tkYU6w6xNHG
install: false
offline_keylogger: true
persistence: false
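Worked example of turning a DarkComet configuration blob into the fields listed above. This is an added example, not the sandbox's own extractor. It assumes what open-source decoders document for DarkComet 5.x: the stub keeps its config as an RC4-encrypted RCDATA resource named DCDATA, the RC4 key is version specific (for example "#KCMDDC51#-890" for 5.1), and the plaintext is a list of `KEY={value}` lines between "#BEGIN DARKCOMET DATA --" and "#EOF DARKCOMET DATA --". Verify those assumptions against your own sample. The encrypted input below is constructed by encrypting a plaintext built from this report's values, so the script runs offline.

```python
import re

# Version-specific RC4 keys as published in open-source DarkComet decoders
# (assumption: confirm against your sample; the key is the only secret).
DC_KEYS = {
    "4.2": b"#KCMDDC42#-890",
    "4.2F": b"#KCMDDC42F#-890",
    "5.0": b"#KCMDDC5#-890",
    "5.1": b"#KCMDDC51#-890",
}

HEADER = b"#BEGIN DARKCOMET DATA --"
FIELD_RE = re.compile(rb"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key, data):
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_config(blob):
    """Try every known version key; the right one yields the plaintext header."""
    for version, key in DC_KEYS.items():
        plain = rc4(key, blob)
        if plain.startswith(HEADER):
            return version, plain
    raise ValueError("no known DarkComet key produced a valid header")


def parse_config(plain):
    """Map the KEY={value} lines onto the field names used in the report."""
    raw = {}
    for line in plain.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            raw[m.group(1).decode()] = m.group(2).decode(errors="replace")
    # NETDATA may list several host:port pairs separated by '|'.
    c2 = [hp for hp in raw.get("NETDATA", "").split("|") if hp]
    return {
        "family": "darkcomet",
        "botnet": raw.get("SID"),
        "c2": c2,
        "mutex": raw.get("MUTEX"),
        "gencode": raw.get("GENCODE"),
        "install": raw.get("INSTALL") == "1",
        "offline_keylogger": raw.get("OFFLINEK") == "1",
        "persistence": raw.get("PERSINST") == "1",
    }


# Constructed test input: a plaintext carrying this report's values, encrypted
# under the 5.1 key so decrypt_config() has something realistic to work on.
SAMPLE_PLAINTEXT = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DC_MUTEX-UU8NM43}\r\n"
    b"SID={IFY}\r\n"
    b"FWB={0}\r\n"
    b"NETDATA={uche.ddns.net:1604}\r\n"
    b"GENCODE={8tkYU6w6xNHG}\r\n"
    b"INSTALL={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"PERSINST={0}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_BLOB = rc4(DC_KEYS["5.1"], SAMPLE_PLAINTEXT)


def extract(blob=SAMPLE_BLOB):
    """Decrypt and parse one config blob; records which version key worked."""
    version, plain = decrypt_config(blob)
    cfg = parse_config(plain)
    cfg["version_key"] = version
    return cfg


if __name__ == "__main__":
    for k, v in extract().items():
        print(f"{k}: {v}")
```

To run this against a real sample, dump the unpacked stub from memory (the on-disk file is hollowed into a child process, see the SetThreadContext signature below), read the DCDATA entry from its RCDATA resource directory with a PE parser such as pefile, and pass those bytes to extract(). If no key produces the header, the build is either a version with a different key or a custom build, and the config must be recovered from the running process instead.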
Targets
-
Target: ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
Size: 656KB
Signatures
-
Modifies WinLogon for persistence
Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, typically appending a path to the Userinit or Shell value so the payload starts at every logon. The extracted config's install=false and persistence=false are builder options and do not rule this out; confirm the exact value written in the registry events and restore the stock value during cleanup.
-
Executes dropped EXE
The sample wrote a PE file to disk and launched it. Hash the dropped file separately; the hashes above cover only the original sample.
-
Checks computer location settings
Looks up the country code configured in the registry (typically the Geo\Nation value under HKCU\Control Panel\International), likely a geofence: a build that refuses to run in some locales can look inert in a sandbox set to the wrong locale.
-
Loads dropped DLL
A DLL written by the sample was loaded into a process; check whether it is a legitimate runtime dependency or part of the payload.
-
Suspicious use of SetThreadContext
Changing another thread's context is the hallmark of process hollowing (RunPE): start a process suspended, overwrite its image, point the main thread at the new entry point, resume. Dump the memory of the child process rather than the on-disk sample to recover the unpacked DarkComet stub and its configuration.
-
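Added example, not part of the report: a small hunting script that pivots on the indicators above plus two generic DarkComet traits. The telemetry is constructed here as JSON events, one per line, loosely modelled on Sysmon process, DNS and network events plus mutex and registry events; the field names, the DC_MUTEX- regex and the Winlogon value names are this example's own assumptions, so map them to your EDR or SIEM schema before use. A bare connection to port 1604 is scored low because the port alone is not diagnostic; a connection to an address the C2 hostname resolved to is scored high.

```python
import json
import re

# Indicators lifted from the report above.
IOC_SHA256 = "ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf"
IOC_MD5 = "43cf563f1ec7d4e846fb8026b25dfd22"
IOC_C2_HOST = "uche.ddns.net"
IOC_C2_PORT = 1604  # DarkComet's default listener port; weak evidence on its own
IOC_MUTEX = "DC_MUTEX-UU8NM43"

# Generic patterns (assumptions, not from the report): DarkComet builds default
# to a DC_MUTEX-<random> mutex, and Winlogon autostart edits hit Userinit or Shell.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{6,8}$")
WINLOGON_RE = re.compile(
    r"\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE
)

# Constructed telemetry; addresses are from the documentation ranges.
SAMPLE_LOG = r"""
{"event": "process_create", "image": "C:\\Users\\user\\Downloads\\invoice.exe", "sha256": "ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf"}
{"event": "dns_query", "query": "uche.ddns.net", "resolved": ["203.0.113.10"]}
{"event": "net_connect", "dst_ip": "203.0.113.10", "dst_port": 1604}
{"event": "mutex_create", "name": "DC_MUTEX-UU8NM43"}
{"event": "reg_set", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit", "value": "C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\AppData\\Roaming\\dropped.exe"}
{"event": "net_connect", "dst_ip": "198.51.100.5", "dst_port": 443}
{"event": "net_connect", "dst_ip": "192.0.2.7", "dst_port": 1604}
{"event": "mutex_create", "name": "DC_MUTEX-ABC1234"}
"""


def hunt(lines):
    """Return (line_no, rule, severity) for every event that matches an indicator."""
    hits = []
    c2_ips = set()  # addresses the C2 hostname resolved to, learned from DNS events
    for n, line in enumerate(lines, 1):
        ev = json.loads(line)
        kind = ev.get("event")
        if kind == "process_create":
            if (ev.get("sha256", "").lower() == IOC_SHA256
                    or ev.get("md5", "").lower() == IOC_MD5):
                hits.append((n, "sample_hash", "high"))
        elif kind == "dns_query":
            if ev.get("query", "").lower().rstrip(".") == IOC_C2_HOST:
                hits.append((n, "c2_dns_lookup", "high"))
                c2_ips.update(ev.get("resolved", []))
        elif kind == "net_connect":
            if ev.get("dst_ip") in c2_ips:
                hits.append((n, "c2_connection", "high"))
            elif ev.get("dst_port") == IOC_C2_PORT:
                hits.append((n, "darkcomet_default_port", "low"))
        elif kind == "mutex_create":
            name = ev.get("name", "")
            if name == IOC_MUTEX:
                hits.append((n, "sample_mutex", "high"))
            elif DC_MUTEX_RE.match(name):
                hits.append((n, "darkcomet_mutex_pattern", "medium"))
        elif kind == "reg_set":
            if WINLOGON_RE.search(ev.get("key", "")):
                hits.append((n, "winlogon_autostart", "medium"))
    return hits


def hunt_sample():
    """Run the rules over the constructed log above."""
    return hunt(l for l in SAMPLE_LOG.strip().splitlines() if l.strip())


if __name__ == "__main__":
    for line_no, rule, severity in hunt_sample():
        print(f"line {line_no}: {rule} [{severity}]")
```

Feed real events through hunt() in time order, since the DNS-to-connection correlation depends on seeing the lookup before the connection; the severity levels are for prioritising review, not for automated blocking.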