General
Target: 7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
Size: 328KB
Sample: 221126-qz6b1sgd44
MD5: 5a6770a663b5125240a78424db7a74f2
SHA1: b3f3615b2e3c7b04fa904ce893644b9de65f9395
SHA256: 7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
SHA512: 58bfc1a02760d14ac63e4a9c8a06430a1a2adca1608fba10d8be59e34db03e51cf8ebbb6b7e016fd932506af7246da501b5ea0a1f6ab4e6aa78b32ad106aa5ad
SSDEEP: 6144:umYnW1JAtWAwM0bWQLM0D0B+Gs4Jc+UO5EBGprbDGwBuUPN:KW1JuWm0bRw+NTO5JRPGwBrV
Static task: static1
Behavioral task: behavioral1
Sample: 7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93.exe
Resource: win7-20221111-en
Malware Config
Extracted family: darkcomet
Botnet / campaign ID: BackUp
C2: 185.17.1.54:9002
Mutex: WindowsBackUpMgr
Attributes:
- gencode: VzVqX1p6FUzg
- install: false
- offline_keylogger: true
- password: redblood1
- persistence: false
Targets
Target: 7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
Size: 328KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (the task analysed the same file).
Behavioral signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application. Note that the extracted config has install=false and persistence=false, so confirm from the process tree which process wrote the Run value before treating it as the RAT's own persistence.
- Suspicious use of SetThreadContext: this API is commonly used to redirect execution in a suspended process (process hollowing or injection), so check whether the dropped EXE was started suspended and had its image replaced.
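The indicators above (C2 address and port, file hashes, campaign ID) are only useful once turned into checks. The following added example, which is not part of the original report or the sandbox's own tooling, parses the C2 entry, hunts for the C2 in Zeek-style conn.log rows, matches the sample's hashes against an endpoint file inventory, recomputes the listed digests for a file's bytes, and emits a Suricata rule. The conn.log excerpt, the file paths, and the inventory hashes are constructed sample data; only the C2 entry, the hashes, and the campaign name come from the report.

```python
"""Hunting checks built from the DarkComet indicators in the report above.

Added example: not the original report's or the sandbox's code. The conn.log
rows and the endpoint inventory below are constructed; the C2 entry, hashes
and campaign ID are copied from the report.
"""
import hashlib
import ipaddress

# Indicators copied from the extracted config and the hash block above.
C2_ENTRY = "185.17.1.54:9002"
SAMPLE_HASHES = {
    "md5": "5a6770a663b5125240a78424db7a74f2",
    "sha1": "b3f3615b2e3c7b04fa904ce893644b9de65f9395",
    "sha256": "7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93",
}

# Constructed Zeek conn.log excerpt (tab-separated, header row first).
# Row 1: benign HTTPS session. Row 2: long-lived TCP session to the C2.
# Row 3: UDP to the same host on port 53, which must NOT match.
SAMPLE_CONN_LOG = """\
ts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration
1669420800.1\tCabc1\t10.0.0.15\t52011\t142.250.74.36\t443\ttcp\tssl\t0.9
1669420812.4\tCabc2\t10.0.0.15\t52014\t185.17.1.54\t9002\ttcp\t-\t300.2
1669420815.7\tCabc3\t10.0.0.22\t53\t185.17.1.54\t53\tudp\tdns\t0.1
"""

# Constructed endpoint inventory: path -> sha256 as recorded by an EDR export.
SAMPLE_INVENTORY = {
    r"C:\Users\alice\Downloads\invoice.pdf": "0" * 64,
    r"C:\Users\alice\AppData\Local\Temp\backup.exe":
        "7487B0BF31ECEC6248A41D78CD00D1F4E4B5F6E778B363F0D798FE2E654F1F93",
}


def parse_c2(entry: str) -> tuple[str, int]:
    """Split the 'host:port' config value; reject hosts that are not IP literals."""
    host, _, port = entry.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError for hostnames or garbage
    return host, int(port)


def match_conn_log(log: str, host: str, port: int) -> list[dict[str, str]]:
    """Return conn.log rows whose responder is the C2 host:port over TCP."""
    lines = [ln for ln in log.splitlines() if ln and not ln.startswith("#")]
    header = lines[0].split("\t")
    hits = []
    for row in lines[1:]:
        rec = dict(zip(header, row.split("\t")))
        if (rec["id.resp_h"] == host and rec["id.resp_p"] == str(port)
                and rec["proto"] == "tcp"):
            hits.append(rec)
    return hits


def match_inventory(inventory: dict[str, str], known: dict[str, str]) -> list[str]:
    """Paths whose recorded digest equals any of the sample's hashes (case-insensitive)."""
    bad = {h.lower() for h in known.values()}
    return [path for path, digest in inventory.items() if digest.lower() in bad]


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same digests the report lists, for comparing a file on disk."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def suricata_rule(host: str, port: int, sid: int) -> str:
    """Emit a minimal Suricata rule for established outbound sessions to the C2."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"DarkComet C2 {host}:{port} (campaign BackUp)"; '
            f'flow:to_server,established; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    host, port = parse_c2(C2_ENTRY)
    for hit in match_conn_log(SAMPLE_CONN_LOG, host, port):
        print(f"C2 session: {hit['id.orig_h']} -> {hit['id.resp_h']}:{hit['id.resp_p']} "
              f"({hit['duration']}s)")
    for path in match_inventory(SAMPLE_INVENTORY, SAMPLE_HASHES):
        print("sample hash present on disk:", path)
    print(suricata_rule(host, port, 1000001))
```

Matching on responder IP, port and protocol together avoids flagging unrelated traffic to the same host (the constructed DNS row), and hashes are compared case-insensitively because EDR exports and sandbox reports disagree on hex case. The `sid` is a local-range placeholder to be allocated per your ruleset.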