General
Target: 933efd58e02b0221f6a727598c1c60ab88bd23f12f44c2d73dc7dd10d31be752
Size: 2.2MB
Sample: 221130-wth77aff9t
MD5: 041cb21f328752da31219f6079189bc4
SHA1: 5c1c9411a763b8d36a401bbb45faf182ce53abc3
SHA256: 933efd58e02b0221f6a727598c1c60ab88bd23f12f44c2d73dc7dd10d31be752
SHA512: c341dfcd29e7c334130c1ac63d541c36a6de52b9f85da5d76649acc7aa5682cbf01397c15711ac53e67cf37dda85ef62cff89d8bdfaf777509895519f38dbb21
SSDEEP: 49152:Z5JZoQrbTFZY1iaCABJde0YXZglrBwCV1vZFyQ7jiIu2KtgCL2h:Z5trbTA1NdeRDQZU+jiUUhM
Static task: static1
Behavioral task: behavioral1
Sample: 933efd58e02b0221f6a727598c1c60ab88bd23f12f44c2d73dc7dd10d31be752.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 933efd58e02b0221f6a727598c1c60ab88bd23f12f44c2d73dc7dd10d31be752.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: darkcomet
Guest16
geluna.zapto.org:1604
DC_MUTEX-VGEKRTT
gencode: zH9WcfNESPzT
install: false
offline_keylogger: true
persistence: false
Targets
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext