General
- Target: 8b06f2e6daad66479102faa65ba46b40d5cd6e3335cf3902971dcd753b37d347
- Size: 5.0MB
- Sample: 221123-vkqp8shc62
- MD5: 9580c6ee0ec3d08c29020c0dbff23cfa
- SHA1: 4f8ee5461fe1300e42bfb62747597ed6e339ff29
- SHA256: 8b06f2e6daad66479102faa65ba46b40d5cd6e3335cf3902971dcd753b37d347
- SHA512: 491aef0102cbd7d9816b79dac6673607119bc7778c0e1564dc5e60dea6ca265530771fe7855843126fe9322871d50e52aab210984951571468a90805f0bf2f79
- SSDEEP: 24576:57xgtwBETvT1r+gjhgMp6RZ+XI7vkb4u+yEZEWkc5wiOCjIlwfo915SQEtxZiQWT:36wwv5nh4RWIhltp67CMwfe1+tKSM5
Static task
- static1

Behavioral task
- behavioral1
- Sample: 8b06f2e6daad66479102faa65ba46b40d5cd6e3335cf3902971dcd753b37d347.exe
- Resource: win7-20221111-en

Behavioral task
- behavioral2
- Sample: 8b06f2e6daad66479102faa65ba46b40d5cd6e3335cf3902971dcd753b37d347.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Campaign: Crypto Bot
- C2: estherr.no-ip.biz:5604
- Mutex: DC_MUTEX-4P0JZTL
- gencode: x1lNFj9h0ysn
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 8b06f2e6daad66479102faa65ba46b40d5cd6e3335cf3902971dcd753b37d347 (5.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext