General
- Target: 1487b91fe287ef043d6ba20e4e37128830770d12ed43e6228ff2bd8fd51eb4b6
- Size: 343KB
- Sample: 221125-ffhfqsff2z
- MD5: 69661f894bc24159f7796f022db64c67
- SHA1: 733c507e16327c2db7715c2704db3b4bff01e026
- SHA256: 1487b91fe287ef043d6ba20e4e37128830770d12ed43e6228ff2bd8fd51eb4b6
- SHA512: 3b918d4faff57c5d6da75c0b94d84f69220555c9a4522d780a1764b5612261971a0b162546d5b3404198e1920c475194dc07c6019dff6d3bb778e14dfbf2fe3c
- SSDEEP: 6144:xMaed6qRf1VYOnThmxoTfqlac/lTcspV+qrjQKcW:xMnvRfblF5tyxfkqrcK
Static task: static1
Behavioral task: behavioral1
- Sample: 1487b91fe287ef043d6ba20e4e37128830770d12ed43e6228ff2bd8fd51eb4b6.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: NEWS
- C2: informer.ddns.net:1605
- C2: informer.ddns.net:1606
- Mutex: DC_MUTEX-L6AVTYM
- gencode: kNGa0laUgQF5
- install: false
- offline_keylogger: true
- password: chinelo4545
- persistence: false
Targets
- Target: 1487b91fe287ef043d6ba20e4e37128830770d12ed43e6228ff2bd8fd51eb4b6
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext