General
Target: 838ba1578a4d8a917dd4f9ef7754a9e25389b4d67d271c3c71500c55f5f62933
Size: 1.3MB
Sample: 221125-jdvj3abb98
MD5: 2ceb126e45e29ae5260343d67d666379
SHA1: 44bfc88df3e9bbaddbc08da0d2cfb18cce9d7722
SHA256: 838ba1578a4d8a917dd4f9ef7754a9e25389b4d67d271c3c71500c55f5f62933
SHA512: 142317bf8f5f5a2bb09011b90fe1b20c6d465f74aaa4b429554e0bbb9841f2ac1fffc6fbdf7b2f1ac4417732b14550a21162871404a0bb28c0c9e9697ef12039
SSDEEP: 24576:1t24elz/eTxEP26JA7bnH2v27efUlcaVW67fsMxTLc2UgaRg299pWN7wyyw:h/WPK7QlsqKWKf15op1Wiyh

Static task: static1
Behavioral task: behavioral1
Sample: 838ba1578a4d8a917dd4f9ef7754a9e25389b4d67d271c3c71500c55f5f62933.exe
Resource: win7-20220901-en

Malware Config
Extracted: darkcomet
Guest16
5.254.112.46:1604
DC_MUTEX-TWH65U6
gencode: g2krJbMz8YKU
install: false
offline_keylogger: true
persistence: false

Targets
Target: 838ba1578a4d8a917dd4f9ef7754a9e25389b4d67d271c3c71500c55f5f62933
Size: 1.3MB
MD5: 2ceb126e45e29ae5260343d67d666379
SHA1: 44bfc88df3e9bbaddbc08da0d2cfb18cce9d7722
SHA256: 838ba1578a4d8a917dd4f9ef7754a9e25389b4d67d271c3c71500c55f5f62933
SHA512: 142317bf8f5f5a2bb09011b90fe1b20c6d465f74aaa4b429554e0bbb9841f2ac1fffc6fbdf7b2f1ac4417732b14550a21162871404a0bb28c0c9e9697ef12039
SSDEEP: 24576:1t24elz/eTxEP26JA7bnH2v27efUlcaVW67fsMxTLc2UgaRg299pWN7wyyw:h/WPK7QlsqKWKf15op1Wiyh
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext