General
- Target: b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16
- Size: 1.3MB
- Sample: 221125-h28k6adg81
- MD5: 4dd4a5c74034498434724debef376a54
- SHA1: 0b9cf9f9bbfba22571b26ec10503b1dad414e911
- SHA256: b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16
- SHA512: ced8c5af216e0dc95b126188cdc22447de0a9b23d31970292e784218d1b7eed2b7fda075dbd5d98d7cbc711c44b8487a1e6307c4ef15dfecc646f6ebc77629cf
- SSDEEP: 24576:A0lbTbMMwHinuNNd+AK9yB5RMTJ7g0FQ1oSic0:ZlTYMwHAh9yOTw
Static task: static1
Behavioral task: behavioral1
Sample: b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
Resource: win7-20220901-en
Malware Config
Extracted
darkcomet
Victim
camohomopopper.no-ip.biz:55152
camohomohopper.no-ip.biz:55151
DC_MUTEX-FY6YKFW
- gencode: mfXATs7kpnnT
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16
- Size: 1.3MB
- MD5: 4dd4a5c74034498434724debef376a54
- SHA1: 0b9cf9f9bbfba22571b26ec10503b1dad414e911
- SHA256: b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16
- SHA512: ced8c5af216e0dc95b126188cdc22447de0a9b23d31970292e784218d1b7eed2b7fda075dbd5d98d7cbc711c44b8487a1e6307c4ef15dfecc646f6ebc77629cf
- SSDEEP: 24576:A0lbTbMMwHinuNNd+AK9yB5RMTJ7g0FQ1oSic0:ZlTYMwHAh9yOTw
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext