General
Target: 82d559a7e5b90b8c3844f5405388f31501d03771535ad69ec3b24f30f473e6ec
Size: 764KB
Sample: 221123-sx7heaff2t
MD5: 72424af22fd4bda472713106e905af9b
SHA1: f2e8e93369c973daad899265d4308fd195a3ac28
SHA256: 82d559a7e5b90b8c3844f5405388f31501d03771535ad69ec3b24f30f473e6ec
SHA512: 4b3285af8793e71d58e91d2abfa76bbab4bf7e6e3d7035686f2af98d5b5950fdc551fab78654067b90c580a69f1c9fc78067e34517e47b4d20b2ebc23711bdc2
SSDEEP: 12288:hYmt0E2jF7bXNbG8a31+r+4jFn3udW5yDSNrSgXmtLc8/NU:hYFE2jNb9bGgjJemRX7mN
Static task: static1
Behavioral task: behavioral1
  Sample: 82d559a7e5b90b8c3844f5405388f31501d03771535ad69ec3b24f30f473e6ec.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 82d559a7e5b90b8c3844f5405388f31501d03771535ad69ec3b24f30f473e6ec.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: darkcomet
  829
  C2: kelgr95167.crabdance.com:4390
  C2: kelgr95167.crabdance.com:4391
  Mutex: DC_MUTEX-RJ23YU3
  gencode: cGAxaBVeCxjm
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: 82d559a7e5b90b8c3844f5405388f31501d03771535ad69ec3b24f30f473e6ec
Size: 764KB
MD5: 72424af22fd4bda472713106e905af9b
SHA1: f2e8e93369c973daad899265d4308fd195a3ac28
SHA256: 82d559a7e5b90b8c3844f5405388f31501d03771535ad69ec3b24f30f473e6ec
SHA512: 4b3285af8793e71d58e91d2abfa76bbab4bf7e6e3d7035686f2af98d5b5950fdc551fab78654067b90c580a69f1c9fc78067e34517e47b4d20b2ebc23711bdc2
SSDEEP: 12288:hYmt0E2jF7bXNbG8a31+r+4jFn3udW5yDSNrSgXmtLc8/NU:hYFE2jNb9bGgjJemRX7mN
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext