General
Target: 529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e
Size: 1.4MB
Sample: 221127-mrjlhaah72
MD5: cc05c85a68ee1cf98b5f45200c42608d
SHA1: 0d44db70753da73e14b35eacaea28a6f23200317
SHA256: 529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e
SHA512: 202051a2dc15a82d77edb73c2d7b01da4866e92352af6be0b5e0ca2e5936fa7cad4cb7847f2a4bd3fc28f92c3cb671b71597600c669bb0850504196cc34087a1
SSDEEP: 24576:FnVbZxMViRoaJOZqBTybfysUkdsPh7gJboCpKm4TL+JVegaev8yHHsJ:3bZxMVuvsqkdw4oCpOTL+e9ElM
Static task: static1
Behavioral task: behavioral1
Sample: 529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
ADDED
C2: comment.ddns.net:1604
Mutex: DC_MUTEX-AMQ7EFQ
gencode: XRhRRovsdjJP
install: false
offline_keylogger: true
persistence: false
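The config block above is what a responder actually hunts with: the C2 host and port, and the sample's mutex. The following is an added example, not code from the report or the sandbox vendor: it turns those values into indicators, verifies a local file against the published hashes, and runs the indicators over a handful of constructed telemetry lines in a hypothetical "kind key=value" format. It generalises one step beyond this sample by also matching the family's default "DC_MUTEX-" naming prefix at lower confidence; the port-only match is reported as low confidence because 1604 is merely DarkComet's default port. The log lines, host names, process names and the 203.0.113.7 address are all constructed.

```python
"""Added example (not part of the sandbox report): turn the extracted
DarkComet config into hunt indicators and run them over constructed
telemetry. Hash and config values are copied from the report; the log
lines and their format are constructed for the demo."""
import hashlib
from dataclasses import dataclass

# Copied from the report's Malware Config and General sections.
DARKCOMET_CONFIG = {
    "c2": "comment.ddns.net:1604",
    "mutex": "DC_MUTEX-AMQ7EFQ",
    "gencode": "XRhRRovsdjJP",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}
KNOWN_HASHES = {
    "md5": "cc05c85a68ee1cf98b5f45200c42608d",
    "sha1": "0d44db70753da73e14b35eacaea28a6f23200317",
    "sha256": "529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e",
}


@dataclass(frozen=True)
class Indicators:
    c2_host: str
    c2_port: int
    mutex: str
    # "DC_MUTEX-" is the family's default mutex naming; matching on the prefix
    # generalises beyond this one sample, so it is reported at lower confidence.
    mutex_prefix: str = "DC_MUTEX-"


def indicators_from_config(cfg: dict) -> Indicators:
    """Split the report's host:port C2 string and carry the mutex through."""
    host, sep, port = cfg["c2"].rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {cfg['c2']!r}")
    return Indicators(c2_host=host.lower(), c2_port=int(port), mutex=cfg["mutex"])


def identify_sample(data: bytes) -> dict:
    """Report which of the published hashes a local file's bytes match."""
    return {
        algo: getattr(hashlib, algo)(data).hexdigest() == digest
        for algo, digest in KNOWN_HASHES.items()
    }


# Constructed telemetry (hypothetical "<kind> key=value ..." format, not from
# the report). 203.0.113.7 is a documentation address standing in for the C2 IP.
SAMPLE_LOGS = [
    "dns host=WS01 query=comment.ddns.net type=A",
    "dns host=WS01 query=login.live.com type=A",
    "net host=WS01 proc=dropped.exe dst=203.0.113.7:1604 proto=tcp",
    "mutex host=WS02 proc=dropped.exe name=DC_MUTEX-AMQ7EFQ",
    "mutex host=WS03 proc=other.exe name=DC_MUTEX-QX2ZZ9K",
    "mutex host=WS03 proc=explorer.exe name=Local\\SM0:1234",
    "net host=WS04 proc=chrome.exe dst=203.0.113.7:443 proto=tcp",
]


def _parse(line: str):
    kind, _, rest = line.partition(" ")
    return kind, dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)


def scan(lines, ind: Indicators):
    """Return (host, indicator, matched value, confidence) for every hit."""
    hits = []
    for line in lines:
        kind, f = _parse(line)
        if kind == "dns" and f.get("query", "").lower() == ind.c2_host:
            hits.append((f["host"], "c2_host", ind.c2_host, "high"))
        elif kind == "mutex":
            name = f.get("name", "")
            if name == ind.mutex:
                hits.append((f["host"], "mutex", name, "high"))
            elif name.startswith(ind.mutex_prefix):
                hits.append((f["host"], "mutex_prefix", name, "medium"))
        elif kind == "net":
            _, _, port = f.get("dst", "").rpartition(":")
            # Port alone is weak: 1604 is only DarkComet's default, not unique.
            if port.isdigit() and int(port) == ind.c2_port:
                hits.append((f["host"], "c2_port", port, "low"))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, indicators_from_config(DARKCOMET_CONFIG)):
        print(hit)
```

Resolve the C2 hostname at hunt time rather than hard-coding an address: comment.ddns.net is a dynamic-DNS name, so the IP it points to can change between the sandbox run and your investigation.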
Targets
Target: 529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e (same file and hashes as under General)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
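Note that the extracted config reports persistence: false while the behavioral run still triggered "Modifies WinLogon for persistence"; treat config flags as hints and confirm on the host. The following is an added example, not code from the report: it checks the two Winlogon values that launch code at logon (Shell and Userinit) against their stock defaults, which is the check a responder would run on a machine that executed this sample. The registry snapshots below are constructed and the dropped path is hypothetical; on a live host the values would be read from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

```python
r"""Added example, not from the report: flag non-default entries in the
Winlogon Shell and Userinit values. Snapshots are constructed; live values
come from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon."""

# Stock values for the two Winlogon entries that launch code at logon
# (compared case-insensitively).
WINLOGON_DEFAULTS = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe"},
}


def _entries(value: str) -> list:
    """Split a comma-separated Winlogon value; Userinit normally ends in a comma."""
    return [e.strip() for e in value.split(",") if e.strip()]


def winlogon_anomalies(values: dict) -> dict:
    """Return {value_name: [entries that are not the stock default]}."""
    out = {}
    for name, expected in WINLOGON_DEFAULTS.items():
        if name not in values:
            continue
        extra = [e for e in _entries(values[name]) if e.lower() not in expected]
        if extra:
            out[name] = extra
    return out


# Constructed snapshots of the Winlogon key; the appended path is hypothetical.
CLEAN = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
SUSPECT = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\dropped.exe",
}

if __name__ == "__main__":
    print("clean:", winlogon_anomalies(CLEAN))
    print("suspect:", winlogon_anomalies(SUSPECT))
```

An extra entry in Userinit runs at every interactive logon before the shell starts, which is why a non-default value there is worth an immediate look even when the dropped file itself has already been removed.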