General

Target: 00d2305abc3da7774ba6457af59e1eed6707d7f25301b7cb8c92d15b710b7ea1
Size: 602KB
Sample: 221123-sgzsmabd28
MD5: 10c1f5e88fc58c3b81f674b236f865a7
SHA1: 81c2c3503264b4e93138d01d2d3d9f35d20fa16e
SHA256: 00d2305abc3da7774ba6457af59e1eed6707d7f25301b7cb8c92d15b710b7ea1
SHA512: ff66f2af00d2dc75151c7b3bd57f14939a07616f6791d9d6e93662473e1374b6ea0c736a7bb1aa9ae9e6d97e6d22b23df3be13876503db04f3a70a886934d9c2
SSDEEP: 12288:d5POFJhOmLP8f8WN3wE2qW9VqaBeK0NUecJ4:TgkmwEW2BqUVqaN0F
Static task: static1
Behavioral task: behavioral1
Sample: 00d2305abc3da7774ba6457af59e1eed6707d7f25301b7cb8c92d15b710b7ea1.exe
Resource: win7-20221111-en
Malware Config

Extracted family: darkcomet
Campaign ID (SID): POWER
C2: uche.ddns.net:1604
Mutex: DC_MUTEX-AN3QBSU
gencode: WEYVhvx4N8NX
install: false
offline_keylogger: true
persistence: false

Note: install, offline_keylogger and persistence are builder options recovered from the stub's embedded configuration. They describe how the stub was built, not what the behavioral run observed; compare them against the signatures listed under Targets.
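The fields above come from the stub's embedded configuration. DarkComet keeps that configuration RC4-encrypted and hex-encoded in a resource named DCDATA under a version-specific hard-coded key, and public decoders recover it by trying each known key and accepting the plaintext that starts with the DarkComet header. The script below is an added example of that decoding step, mapped onto the report's field names; it is not the sandbox's extractor and not code from this sample. The RC4 keys and the KEY={value} names (SID, NETDATA, MUTEX, GENCODE, INSTALL, OFFLINEK, PERSINST) are the ones used by public DarkComet decoders; SAMPLE_BLOB is constructed here (encrypted locally with the v5.1 key) so the script runs offline and is not the resource of the sample above.

```python
"""Decrypt and parse a DarkComet configuration blob (added example, not sample code)."""
import binascii
from typing import Dict, List, Optional, Tuple

# Hard-coded DCDATA keys used by DarkComet builds (v2 through v5.1), as listed in public decoders.
DARKCOMET_KEYS = [
    b"#KCMDDC2#-890",
    b"#KCMDDC4#-890",
    b"#KCMDDC42#-890",
    b"#KCMDDC42F#-890",
    b"#KCMDDC5#-890",
    b"#KCMDDC51#-890",
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA then PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_config(hex_blob: str) -> Optional[str]:
    """Try every known key; return the plaintext that carries the DarkComet header, else None."""
    raw = binascii.unhexlify(hex_blob.strip())
    for key in DARKCOMET_KEYS:
        plain = rc4(key, raw)
        if plain.startswith(b"#BEGIN DARKCOMET DATA"):
            return plain.decode("latin-1")
    return None


def parse_config(text: str) -> Dict[str, object]:
    """Map KEY={value} lines onto the field names used in the report above."""
    kv: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            name, _, value = line.partition("=")
            kv[name.strip()] = value.strip().strip("{}")
    # NETDATA may list several host:port entries separated by '|'.
    c2: List[Tuple[str, int]] = []
    for entry in filter(None, kv.get("NETDATA", "").split("|")):
        host, _, port = entry.rpartition(":")
        if host and port.isdigit():
            c2.append((host, int(port)))
    return {
        "campaign_id": kv.get("SID"),
        "c2": c2,
        "mutex": kv.get("MUTEX"),
        "gencode": kv.get("GENCODE"),
        "install": kv.get("INSTALL") == "1",
        "offline_keylogger": kv.get("OFFLINEK") == "1",
        "persistence": kv.get("PERSINST") == "1",
    }


def make_sample_blob() -> str:
    """CONSTRUCTED plaintext carrying the report's values, encrypted with the v5.1 key and hex-encoded."""
    plaintext = "\r\n".join([
        "#BEGIN DARKCOMET DATA --",
        "MUTEX={DC_MUTEX-AN3QBSU}",
        "SID={POWER}",
        "NETDATA={uche.ddns.net:1604}",
        "GENCODE={WEYVhvx4N8NX}",
        "INSTALL={0}",
        "OFFLINEK={1}",
        "PERSINST={0}",
        "#EOF DARKCOMET DATA --",
    ]).encode("latin-1")
    return binascii.hexlify(rc4(b"#KCMDDC51#-890", plaintext)).decode()


SAMPLE_BLOB = make_sample_blob()

if __name__ == "__main__":
    decoded = decrypt_config(SAMPLE_BLOB)
    print(parse_config(decoded) if decoded else "no known key matched")
```

On a real file the hex blob is the DCDATA resource read from the PE; the header check is what distinguishes the right key from the garbage the other keys produce, so a stub built with an unlisted key comes back as None rather than as a mis-parsed config.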
Targets

Target: 00d2305abc3da7774ba6457af59e1eed6707d7f25301b7cb8c92d15b710b7ea1
Size: 602KB
MD5: 10c1f5e88fc58c3b81f674b236f865a7
SHA1: 81c2c3503264b4e93138d01d2d3d9f35d20fa16e
SHA256: 00d2305abc3da7774ba6457af59e1eed6707d7f25301b7cb8c92d15b710b7ea1
SHA512: ff66f2af00d2dc75151c7b3bd57f14939a07616f6791d9d6e93662473e1374b6ea0c736a7bb1aa9ae9e6d97e6d22b23df3be13876503db04f3a70a886934d9c2
SSDEEP: 12288:d5POFJhOmLP8f8WN3wE2qW9VqaBeK0NUecJ4:TgkmwEW2BqUVqaN0F

Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Suspicious use of SetThreadContext

Note: the extracted configuration reports persistence: false, yet the behavioral run flagged a Winlogon modification. Treat the observed registry write, not the builder flag, as the persistence indicator.
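The "Modifies WinLogon for persistence" signature corresponds to a write under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, where the Userinit and Shell values run code at every interactive logon. The script below is an added example of detecting that write in registry-event logs; it is not part of the sandbox report. SAMPLE_EVENTS is constructed in the shape of Sysmon Event ID 13 (RegistryEvent SetValue) records, and the image paths and file names in it (dropped.exe, the user profile path) are invented for illustration.

```python
"""Flag Winlogon persistence writes in registry-event logs (added example, not part of the report)."""
import json
from typing import Dict, List

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Values under Winlogon that run code at logon, with their stock Windows contents
# (lower-cased, trailing comma removed). Anything else written here runs at every logon.
STOCK_VALUES = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}


def normalize(data: str) -> str:
    """Lower-case and drop the trailing comma/whitespace Windows keeps on Userinit."""
    return data.strip().rstrip(",").lower()


def find_winlogon_persistence(events: List[Dict[str, object]]) -> List[Dict[str, str]]:
    """Return one finding per SetValue event that changes Userinit or Shell away from stock."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        if ev.get("EventID") != 13:          # only SetValue events carry the written data
            continue
        target = str(ev.get("TargetObject", ""))
        key, _, value_name = target.rpartition("\\")
        if key.lower() != WINLOGON_KEY.lower() or value_name.lower() not in STOCK_VALUES:
            continue
        data = str(ev.get("Details", ""))
        if normalize(data) == STOCK_VALUES[value_name.lower()]:
            continue                          # rewritten with the stock value: not persistence
        findings.append({
            "image": str(ev.get("Image", "")),
            "value": value_name,
            "data": data,
        })
    return findings


def load_jsonl(text: str) -> List[Dict[str, object]]:
    """Parse newline-delimited JSON events (one object per line)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# CONSTRUCTED events: a benign Shell rewrite, a Userinit hijack by a dropped file
# (invented path), a Run-key write outside Winlogon, and a key creation (EventID 12).
SAMPLE_EVENTS_JSONL = "\n".join([
    json.dumps({"EventID": 13, "Image": r"C:\Windows\explorer.exe",
                "TargetObject": WINLOGON_KEY + r"\Shell", "Details": "explorer.exe"}),
    json.dumps({"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\dropped.exe",
                "TargetObject": WINLOGON_KEY + r"\Userinit",
                "Details": r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\dropped.exe"}),
    json.dumps({"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\dropped.exe",
                "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                "Details": r"C:\Users\user\AppData\Roaming\dropped.exe"}),
    json.dumps({"EventID": 12, "Image": r"C:\Windows\regedit.exe",
                "TargetObject": WINLOGON_KEY + r"\Userinit", "Details": ""}),
])

SAMPLE_EVENTS = load_jsonl(SAMPLE_EVENTS_JSONL)

if __name__ == "__main__":
    for hit in find_winlogon_persistence(SAMPLE_EVENTS):
        print(f"{hit['image']} set Winlogon\\{hit['value']} = {hit['data']}")
```

The comparison against the stock value matters: Userinit is normally written as `C:\Windows\system32\userinit.exe,` with a trailing comma, and an implant appends its own path after that comma, so a check that only looks for "the value changed" would also fire on benign rewrites of the default.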