General
Target: a4083c15681ab40fd583fc69651efacae78d0d900550f4e2dab753344a4dd0f6
Size: 736KB
Sample: 221127-mfjr5adg8z
MD5: 1ddccfd964ded511cb8538e9616b13cb
SHA1: 9aa5920603995edadf6d4af3a8d35ef28ca7852e
SHA256: a4083c15681ab40fd583fc69651efacae78d0d900550f4e2dab753344a4dd0f6
SHA512: 256df6192c85963e107f755f6ecd799249f4b7f4a741b2c14850f3b52c44afda4371bcc8118d62fa86869f87227d5f1b6569b404825ed6f73b7732fd0bb26905
SSDEEP: 12288:ORTCaO9QMhF5I0Qa+nu4l5JjIsg/hOjwYtPqMtrN97CO1awJTSX/0c+6D68w:ORcQiCaHoJjIthOj7gMlN97L172XU
Static task: static1

Behavioral task: behavioral1
Sample: a4083c15681ab40fd583fc69651efacae78d0d900550f4e2dab753344a4dd0f6.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: a4083c15681ab40fd583fc69651efacae78d0d900550f4e2dab753344a4dd0f6.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
Campaign ID: Guest16
C2: poison007.no-ip.org:100
Mutex: DC_MUTEX-XEJG8MK
gencode: QrcF4RRkTDK0
install: false
offline_keylogger: true
persistence: false
Targets
Target: a4083c15681ab40fd583fc69651efacae78d0d900550f4e2dab753344a4dd0f6
Size: 736KB
MD5: 1ddccfd964ded511cb8538e9616b13cb
SHA1: 9aa5920603995edadf6d4af3a8d35ef28ca7852e
SHA256: a4083c15681ab40fd583fc69651efacae78d0d900550f4e2dab753344a4dd0f6
SHA512: 256df6192c85963e107f755f6ecd799249f4b7f4a741b2c14850f3b52c44afda4371bcc8118d62fa86869f87227d5f1b6569b404825ed6f73b7732fd0bb26905
SSDEEP: 12288:ORTCaO9QMhF5I0Qa+nu4l5JjIsg/hOjwYtPqMtrN97CO1awJTSX/0c+6D68w:ORcQiCaHoJjIthOj7gMlN97L172XU
Score: 10/10

Signatures
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext