General
Target: 49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
Size: 2.8MB
Sample: 221123-vvg6vada2s
MD5: 0173cc2be471cac926c6104a2e8b986a
SHA1: ece1bcbb39f75fe8bc71801cca1bb1e6e2f030e5
SHA256: 49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
SHA512: f6c6ea986a955390ee3470d8e887b428cb5d2043fd4d33fb24bd165d884e3e9a91c7fd231076225ab45b3ad85c466dca2ee536a0bb0c2804ee19e4aef1cb34ae
SSDEEP: 49152:QVjnLacAxQU/a6MWvnUq6hE5k6iBPQ7pGy05Z+sSdSLyXTX9ykYN+EiTAr:8D+cAxQUa6MWvnUq6hgkvBPuYywSXjXW
Static task: static1
Behavioral task: behavioral1
Sample: 49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d.exe
Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
Campaign ID: Guest16
C2: darkcometratt.no-ip.org:1604
Mutex: DC_MUTEX-WG0MMGJ
gencode: Rsl0xg3qg2h8
install: false
offline_keylogger: true
persistence: false
Extracted: darkcomet
Campaign ID: DEFORS
C2: rsnoip.ddns.net:1997
Mutex: DCMIN_MUTEX-C5RDYJH
gencode: NToT30g4twDC
install: false
offline_keylogger: true
persistence: false
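The two extracted configs above give the network and host indicators a responder would sweep for: the C2 hostnames and ports, the mutex names, and the sample hashes. The script below is an added example (not part of the report or of any sandbox's code) that loads those indicators and runs them over a few constructed sandbox-style event lines. The log format, the generic DC_MUTEX-/DCMIN_MUTEX- pattern (generalised from the two mutexes on this page), and the weak port-only match are all assumptions made for the example.

```python
import hashlib
import re
from typing import Iterable

# Indicators taken from the two extracted DarkComet configs in this report.
C2_HOSTS = {
    "darkcometratt.no-ip.org": 1604,   # config "Guest16"
    "rsnoip.ddns.net": 1997,           # config "DEFORS"
}
C2_PORTS = set(C2_HOSTS.values())
MUTEXES = {"DC_MUTEX-WG0MMGJ", "DCMIN_MUTEX-C5RDYJH"}
SAMPLE_HASHES = {
    "md5": "0173cc2be471cac926c6104a2e8b986a",
    "sha1": "ece1bcbb39f75fe8bc71801cca1bb1e6e2f030e5",
    "sha256": "49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d",
}

# Assumption: DarkComet mutex names share the DC_MUTEX-/DCMIN_MUTEX- prefix and a
# short alphanumeric suffix; this is generalised from the two values above.
GENERIC_MUTEX_RE = re.compile(r"\bDC(?:MIN)?_MUTEX-[A-Z0-9]{5,8}\b")
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.IGNORECASE)
HEX_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)
# Destination "ip:port" as written in the constructed log format below (assumption).
DST_PORT_RE = re.compile(r"-> \d{1,3}(?:\.\d{1,3}){3}:(\d{1,5})\b")


def scan(lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (indicator_type, value, line) for every line that touches an IOC."""
    hits: list[tuple[str, str, str]] = []
    for raw in lines:
        line = raw.rstrip("\n")
        for host in HOST_RE.findall(line):
            if host.lower() in C2_HOSTS:
                hits.append(("c2_host", host.lower(), line))
        for port in DST_PORT_RE.findall(line):
            if int(port) in C2_PORTS:   # weak on its own; corroborate with host/mutex hits
                hits.append(("c2_port", port, line))
        for name in GENERIC_MUTEX_RE.findall(line):
            kind = "mutex_exact" if name in MUTEXES else "mutex_pattern"
            hits.append((kind, name, line))
        for digest in HEX_RE.findall(line):
            if digest.lower() in SAMPLE_HASHES.values():
                hits.append(("sample_hash", digest.lower(), line))
    return hits


def sample_matches(data: bytes) -> dict[str, bool]:
    """Hash a retrieved file and report which of the report's digests it reproduces."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


# Constructed sandbox-style event lines (not taken from the report).
SAMPLE_LOG = [
    "2022-11-23 14:05:11 dns 10.0.0.12 query darkcometratt.no-ip.org A",
    "2022-11-23 14:05:12 conn 10.0.0.12:49713 -> 203.0.113.9:1604 tcp",
    "2022-11-23 14:05:12 mutex \\BaseNamedObjects\\DC_MUTEX-WG0MMGJ pid=2216",
    "2022-11-23 14:05:13 dns 10.0.0.12 query ctldl.windowsupdate.com A",
    "2022-11-23 14:06:02 mutex \\BaseNamedObjects\\DCMIN_MUTEX-Q9Z1AB2 pid=3140",
    "2022-11-23 14:06:40 file sha256=49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d path=C:\\Users\\Public\\svc.exe",
]

if __name__ == "__main__":
    for kind, value, line in scan(SAMPLE_LOG):
        print(f"{kind:14} {value}  <- {line}")
    print(sample_matches(b"not the real sample"))
```

A port-only hit is reported separately because 1604 and 1997 are not unique to this family; treat it as corroboration for a host or mutex hit, not as a finding by itself. The `mutex_pattern` class catches DarkComet builds with a different generated suffix than the two in this report.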
Targets
Target: 49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
Size: 2.8MB
Signatures:
- Modifies WinLogon for persistence: writes to the Winlogon registry key (typically the Shell or Userinit value) so the payload is started at logon.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext: commonly used to redirect a thread into injected code, as in process hollowing.
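The "Modifies WinLogon for persistence" signature is the one worth confirming on a suspected host, since the extracted configs say persistence is off yet the sandbox saw the write. The following is an added example, not code from the report or from any sandbox: it parses a `reg export` of the Winlogon key and flags Shell or Userinit values that differ from the stock Windows defaults. The export text is constructed for the example, and the default values it compares against are an assumption that holds for Windows 7 and later.

```python
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Stock values on Windows 7 and later (assumption for this example).
EXPECTED = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"C:\Windows\system32\userinit.exe,"},
}


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse the subset of .reg syntax used here: [key] headers and "name"="string" values.

    .reg files double every backslash inside string values; they are undoubled here.
    """
    keys: dict[str, dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:
                keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def winlogon_anomalies(reg_text: str) -> list[tuple[str, str]]:
    """Return (value_name, observed_value) for Shell/Userinit entries that are not the default."""
    values = parse_reg_export(reg_text).get(WINLOGON_KEY, {})
    findings = []
    for name, allowed in EXPECTED.items():
        observed = values.get(name)
        if observed is not None and observed.strip().lower() not in {a.lower() for a in allowed}:
            findings.append((name, observed))
    return findings


# Constructed exports (not from the report): one clean, one with an appended Userinit entry.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"""

TAMPERED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svc.exe,"
"""

if __name__ == "__main__":
    print(winlogon_anomalies(CLEAN_EXPORT))
    print(winlogon_anomalies(TAMPERED_EXPORT))
```

Userinit is a comma-separated list, so an attacker usually appends a path rather than replacing the default; comparing the whole string against the stock value catches both cases. Run the export on the host with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` and feed the file's text to `winlogon_anomalies`.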