General
Target: 8e0cdb08c3f33c1bc12b8cac91128b2f0266ad590b83b370240c2139d97701f4
Size: 765KB
Sample: 221123-qzkejsac8t
MD5: dd06a8927a31a5b58a15c778c7ac6e6f
SHA1: 8008faee85087b64a606c08fb90190031555f701
SHA256: 8e0cdb08c3f33c1bc12b8cac91128b2f0266ad590b83b370240c2139d97701f4
SHA512: 056bf7e9f3732caed59693a22effa4a94ccd5b597d3a85b05827c849ee854a5fedbd721c9abb5ef6afdf05f46b187968298229e62e96017ec81fbb2387be72d1
SSDEEP: 12288:OfCDl0frXblOB1qM0Ml0snT2/1RrVbt56xEb/nWbKrjSAigkLh+LECDBjgi:jmXbl2hk/1rbcc/RruA9FLVjg
Static task: static1
Behavioral task: behavioral1
  Sample: 8e0cdb08c3f33c1bc12b8cac91128b2f0266ad590b83b370240c2139d97701f4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8e0cdb08c3f33c1bc12b8cac91128b2f0266ad590b83b370240c2139d97701f4.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
  ALI
  ceiec2008.ddns.net:200
  DCMIN_MUTEX-AWCAR87
  gencode: 6nxiuXbNh2Jz
  install: false
  offline_keylogger: true
  persistence: false
Targets
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext