General
Target: 939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8
Size: 997KB
Sample: 221124-11r6wsfd9x
MD5: cc1439d43a95d8834e593a20b082ef24
SHA1: 5cd14499b0b902bad969d39ab28b1e9efe0d9354
SHA256: 939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8
SHA512: a7c4a8ef7bf9b52cb8db3b3557a2e72e20b1fedc95d69895a6872979062dd90639771be6da3758f49b0d528a87fc3bddbe8db1940725231926ac8a34edc662d0
SSDEEP: 24576:FbcOE7O5ueXGqJghIL2AYS3ymFYe9eQxX4P:hcs5tbL4beLG
Static task: static1
Behavioral task: behavioral1
Sample: 939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: neo2.ddns.net:1200
Mutex: DC_MUTEX-0WZBGJC
InstallPath: SystemC\SystemC.exe
gencode: qMq25piLPy1w
install: true
offline_keylogger: true
persistence: false
reg_key: SystemC
Targets
Target: 939f5f385c855cb98c481ae373ea9efe7af50f1714adf47fc01a288488abe5c8
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext