General
-
Target
db8989eb7653d8975c11487a55a1dbdbdcc569662cb68e0cdd915001f75a0830
-
Size
270KB
-
Sample
221126-2legxsea5z
-
MD5
17cd6e5c3400f8f1aab1e952e7abff06
-
SHA1
c67ce831cc8180acb6becb3a478dac2607599cb4
-
SHA256
db8989eb7653d8975c11487a55a1dbdbdcc569662cb68e0cdd915001f75a0830
-
SHA512
fc4db1a232bd84a4938b91118d84a844aac3696ef1bb21a8e5ec1475d20f35a5150807f556a209c8b43ae7e33ff1526b28460247c5fdc262bb6d40eae93faab4
-
SSDEEP
6144:ubz/IMSqxqxV7fnquYCQbP2fUCskqe/VeUvev9i1S05:ub8MJxq/fjYTPdWJCIS05
Static task
static1
Behavioral task
behavioral1
Sample
db8989eb7653d8975c11487a55a1dbdbdcc569662cb68e0cdd915001f75a0830.exe
Resource
win7-20220901-en
Malware Config
Extracted
darkcomet
Guest16
212.7.208.94:16047
DC_MUTEX-39QKYFC
-
gencode
AB6ZSyXzGqKv
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-