General
Target: 47a2ac8ed1e82d0d45224a2c6ec24bb1a1e4bead2dcdf5850babd31c7b2c75e0
Size: 743KB
Sample: 221127-tmnszsaf87
MD5: 7a36baa345dda1b89c496aa79a6a5a12
SHA1: 273d7396a8645c5d6803481fa64399747c358d69
SHA256: 47a2ac8ed1e82d0d45224a2c6ec24bb1a1e4bead2dcdf5850babd31c7b2c75e0
SHA512: f4f61f3c10e5a4452aa864bd45acfc39907376a8109c0a023453201f171229ebbbce995f652161047d0456635649d1af2adeed279903709ae325cbec31edeb74
SSDEEP: 12288:PZ9FiM41ncjbrIsEcjDnFLTrXD7jMBnUZ0E4k61L0fVn+2Au:zQM4UbQcnnVT7oto0ENN9b
Static task: static1
Behavioral task: behavioral1
  Sample: 47a2ac8ed1e82d0d45224a2c6ec24bb1a1e4bead2dcdf5850babd31c7b2c75e0.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 47a2ac8ed1e82d0d45224a2c6ec24bb1a1e4bead2dcdf5850babd31c7b2c75e0.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
1
C2: nothingissecurelol.chickenkiller.com:9003
Mutex: DC_MUTEX-SMQ80ND
gencode: GdrP5FJmohEg
install: false
offline_keylogger: true
persistence: false
Targets
Target: 47a2ac8ed1e82d0d45224a2c6ec24bb1a1e4bead2dcdf5850babd31c7b2c75e0
Size: 743KB
MD5: 7a36baa345dda1b89c496aa79a6a5a12
SHA1: 273d7396a8645c5d6803481fa64399747c358d69
SHA256: 47a2ac8ed1e82d0d45224a2c6ec24bb1a1e4bead2dcdf5850babd31c7b2c75e0
SHA512: f4f61f3c10e5a4452aa864bd45acfc39907376a8109c0a023453201f171229ebbbce995f652161047d0456635649d1af2adeed279903709ae325cbec31edeb74
SSDEEP: 12288:PZ9FiM41ncjbrIsEcjDnFLTrXD7jMBnUZ0E4k61L0fVn+2Au:zQM4UbQcnnVT7oto0ENN9b
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext