General
Target: 9b6c3d60139b681dfdd5d717b24bf1c66ed5b1f5ec0a98468f86b84be6941915
Size: 787KB
Sample: 221125-h7rjtsag27
MD5: 1f037a54c638eb27d5c098326215c750
SHA1: af53cbbdbff190aa5e99e381520758f637d27c7f
SHA256: 9b6c3d60139b681dfdd5d717b24bf1c66ed5b1f5ec0a98468f86b84be6941915
SHA512: 14de32e1db8976e2e76b01ed54155ad4af5903cb6ffee09fc72eb4ea0bc75cc57c81a89df6a739b308268f98bbb74a54bf74a06909dffe58d7c4794fc74f3d5a
SSDEEP: 12288:PGopSuXh1gdooZuPLxHldHlY4ub6n+L+egT3/GT6rjo+ncq4ACE:P6MtuT6n+Hgr/GTAjJaACE
Static task: static1
Behavioral task: behavioral1
Sample: 9b6c3d60139b681dfdd5d717b24bf1c66ed5b1f5ec0a98468f86b84be6941915.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9b6c3d60139b681dfdd5d717b24bf1c66ed5b1f5ec0a98468f86b84be6941915.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: darkcomet
Campaign/botnet ID: Testing
C2: izcrackz.ddns.net:1604
Mutex: DCMIN_MUTEX-8LL9FA3
gencode: xrXebsuQ91rd
install: false
offline_keylogger: true
persistence: false
Targets
Target: 9b6c3d60139b681dfdd5d717b24bf1c66ed5b1f5ec0a98468f86b84be6941915
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application. Note that the extracted config reports install and persistence as false, yet the behavioral run still recorded a Run key being written, so the config flags alone cannot be used to rule out persistence.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual final step of process hollowing and similar code injection.
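The following is an added example, not part of the sandbox report and not DarkComet's own code. It turns the extracted config above (C2 host and port, mutex) and the "Adds Run key" signature into hunting checks and runs them over constructed Sysmon-style events and a constructed handle listing. Assumptions: the event dictionaries mirror Sysmon field names (EventID 22 for DNS queries, 3 for network connections, 13 for registry value sets); the sample events, IP addresses, registry value name and mutex list are made up for illustration; and the `DCMIN_MUTEX-` prefix check for other DarkComet builds relies on the family's well-known default mutex naming, which the report itself does not state.

```python
"""Derive IOCs from the extracted DarkComet config and check them against
constructed Sysmon-style events and a constructed mutex listing.
Added example; not taken from the sandbox report."""
import re

# Values copied from the "Malware Config" section of the report.
DARKCOMET_CONFIG = {
    "family": "darkcomet",
    "c2": "izcrackz.ddns.net:1604",
    "mutex": "DCMIN_MUTEX-8LL9FA3",
    "gencode": "xrXebsuQ91rd",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}

# Registry paths that auto-start a program at logon (the "Adds Run key" signature).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_c2(c2):
    """Split 'host:port' into a normalised (host, port) pair."""
    host, _, port = c2.rpartition(":")
    return host.strip().lower().rstrip("."), int(port)


def iocs_from_config(cfg):
    """Reduce the config to the fields that are useful for hunting."""
    host, port = parse_c2(cfg["c2"])
    return {"c2_host": host, "c2_port": port, "mutex": cfg["mutex"]}


def match_events(events, iocs):
    """Return (indicator, image) pairs for events that match the IOCs.

    Field names follow Sysmon: EventID 22 = DNS query, 3 = network
    connection, 13 = registry value set. A bare destination-port match is
    weak on its own, so it is reported separately from the DNS hit.
    """
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 22:
            if ev.get("QueryName", "").lower().rstrip(".") == iocs["c2_host"]:
                hits.append(("c2_dns", ev["Image"]))
        elif eid == 3:
            if ev.get("Protocol") == "tcp" and ev.get("DestinationPort") == iocs["c2_port"]:
                hits.append(("c2_port", ev["Image"]))
        elif eid == 13:
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                hits.append(("run_key", ev["Image"]))
    return hits


def match_mutexes(mutex_names, iocs):
    """Sysmon does not log mutex creation, so check a handle listing instead.

    Exact match on the extracted mutex; the DCMIN_MUTEX- prefix check for
    other builds is an assumption about DarkComet's default naming.
    """
    found = []
    for name in mutex_names:
        base = name.rsplit("\\", 1)[-1]
        if base == iocs["mutex"] or base.startswith("DCMIN_MUTEX-"):
            found.append(base)
    return found


SAMPLE_EXE = r"C:\Users\user\Desktop\9b6c3d60139b681dfdd5d717b24bf1c66ed5b1f5ec0a98468f86b84be6941915.exe"

# Constructed events for illustration; they are not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": SAMPLE_EXE, "QueryName": "izcrackz.ddns.net"},
    {"EventID": 3, "Image": SAMPLE_EXE, "Protocol": "tcp",
     "DestinationIp": "203.0.113.10", "DestinationPort": 1604},
    {"EventID": 13, "Image": SAMPLE_EXE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "Protocol": "tcp", "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]

# Constructed handle listing (e.g. from a handle enumeration tool), not from the report.
SAMPLE_MUTEXES = [
    r"\Sessions\1\BaseNamedObjects\DCMIN_MUTEX-8LL9FA3",
    r"\Sessions\1\BaseNamedObjects\SM0:4120:304:WilStaging_02",
    r"\BaseNamedObjects\Global\ShimCacheMutex",
]


def triage(events=SAMPLE_EVENTS, mutexes=SAMPLE_MUTEXES, cfg=DARKCOMET_CONFIG):
    """Run all checks and return a summary dict."""
    iocs = iocs_from_config(cfg)
    return {"events": match_events(events, iocs),
            "mutexes": match_mutexes(mutexes, iocs)}


if __name__ == "__main__":
    for kind, result in triage().items():
        print(kind, result)
```

Against the constructed input, `triage()` reports the DNS lookup of the C2 host, the TCP connection on port 1604 and the Run key write, all attributed to the sample's image, plus the DarkComet mutex from the handle listing. In a real hunt the DNS and mutex hits are the strong signals; a port-1604 connection by itself should only raise priority, not trigger on its own.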