General
-
Target
f9c48f77663eae6dc9b4567758751c0fb3059165fe2fa24a7bf2949ad4b78bb9
-
Size
755KB
-
Sample
221124-z6embade6x
-
MD5
b31929cf07815e0cfd3f3c32fe49dc2f
-
SHA1
7fc8a85285388a5f2ff951960178e0a3746e033f
-
SHA256
f9c48f77663eae6dc9b4567758751c0fb3059165fe2fa24a7bf2949ad4b78bb9
-
SHA512
05c6c06e3be5ae22971e53233e4f1d040a016c30192a7f3348b2650f6b48c4192d5bcb99cb37909776350556c7356290f5231c2e21616dfd232c0a70f368333a
-
SSDEEP
12288:qebXK0f0YgZMxvSgB81A4uBS8rH7FL/r9OExzA+vYguk2zUsVlv/j/mraY6v2WU:nXKSgOSmCH8rBDVxnCYsrHYkx
Behavioral task
behavioral1
Sample
f9c48f77663eae6dc9b4567758751c0fb3059165fe2fa24a7bf2949ad4b78bb9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f9c48f77663eae6dc9b4567758751c0fb3059165fe2fa24a7bf2949ad4b78bb9.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
darkcomet
New---Victim
freewayblaze.zapto.org:1604
DC_MUTEX-NTT55ZM
-
gencode
eoRhVbsCy5oj
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
f9c48f77663eae6dc9b4567758751c0fb3059165fe2fa24a7bf2949ad4b78bb9
-
Size
755KB
-
MD5
b31929cf07815e0cfd3f3c32fe49dc2f
-
SHA1
7fc8a85285388a5f2ff951960178e0a3746e033f
-
SHA256
f9c48f77663eae6dc9b4567758751c0fb3059165fe2fa24a7bf2949ad4b78bb9
-
SHA512
05c6c06e3be5ae22971e53233e4f1d040a016c30192a7f3348b2650f6b48c4192d5bcb99cb37909776350556c7356290f5231c2e21616dfd232c0a70f368333a
-
SSDEEP
12288:qebXK0f0YgZMxvSgB81A4uBS8rH7FL/r9OExzA+vYguk2zUsVlv/j/mraY6v2WU:nXKSgOSmCH8rBDVxnCYsrHYkx
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-