General
Target: 9386cb2c5079ed774bfc790adf3371f33d066b1f47b621489a45850b5f748b3f
Size: 883KB
Sample: 221201-ayvacshe73
MD5: f879b4875aabd896da7784acf9f7c071
SHA1: 5f1f36ddae67702a06be892c7e63e1c2c6cc24d5
SHA256: 9386cb2c5079ed774bfc790adf3371f33d066b1f47b621489a45850b5f748b3f
SHA512: 9f2b8fbed4722c1ffe9d9eeadce0305f4aa42a0ee028bd603cf53a65fee7876b593fae3bdf3fb921ea967859c5f1b39d66497fef65a09311d77ae1a058c1a6e3
SSDEEP: 12288:HV63X3vTu3KGbYB4AU6XgUq+oDXugY0DBHzHxwzDqZP1JNTSo1QXtXKAA:Hs3Xfq3KG196Q+oDXHYqTHxKDqj
Static task: static1
Behavioral task: behavioral1
Sample: 9386cb2c5079ed774bfc790adf3371f33d066b1f47b621489a45850b5f748b3f.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9386cb2c5079ed774bfc790adf3371f33d066b1f47b621489a45850b5f748b3f.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: darkcomet
Campaign ID (DarkComet SID): anomabite
C2: 46.105.72.113:3399
Mutex: DC_MUTEX-YXKH7FC
gencode: j62oxs6nZiEV
install: false
offline_keylogger: true
persistence: false
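The fields above are what a config extractor recovers from the sample's embedded DarkComet settings. The following is an added example (not code from the report, the sandbox vendor or the DarkComet author) of how that recovery works: DarkComet 2.x through 5.x stores its configuration as a hex-encoded, RC4-encrypted block of KEY={VALUE} lines in a PE resource named DCDATA, and the RC4 keys are the version-specific constants published by public config extractors. The encrypted blob in the code is constructed inline from the values in this report so the example runs offline; it was not extracted from the sample, and the mapping of DarkComet field names (SID, NETDATA, OFFLINEK, PERSINST, ...) to the report's labels is this example's own.

```python
"""Decrypt and parse a DarkComet DCDATA configuration blob (added example)."""
import re

# Well-known DarkComet RC4 keys for 5.1, 5.0, 4.x and 2.x builds. The trailing
# "-890" is the builder's default password; a builder with a custom password
# changes that suffix and none of these keys will fit.
KNOWN_KEYS = (b"#KCMDDC51#-890", b"#KCMDDC5#-890", b"#KCMDDC4#-890", b"#KCMDDC2#-890")

# DarkComet field name -> label used in the report (this example's mapping).
FIELD_LABELS = {
    "SID": "campaign_id",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
}

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

LINE_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")

def parse_config(plaintext: bytes) -> dict:
    """Split decrypted KEY={VALUE} lines into a dict; non-matching lines are ignored."""
    fields = {}
    for line in plaintext.decode("latin-1").splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def decrypt_config(hex_blob: str) -> tuple:
    """Try each known key and accept the first plaintext that carries MUTEX and NETDATA.
    Returns (key_used, raw_fields); raises ValueError when no key fits."""
    ciphertext = bytes.fromhex(hex_blob.strip())
    for key in KNOWN_KEYS:
        fields = parse_config(rc4(key, ciphertext))
        if "MUTEX" in fields and "NETDATA" in fields:
            return key.decode(), fields
    raise ValueError("no known DarkComet key decrypts this blob (custom builder password?)")

def to_report(fields: dict) -> dict:
    """Normalise raw fields to the report's labels; '0'/'1' flags become booleans."""
    out = {}
    for raw, label in FIELD_LABELS.items():
        if raw in fields:
            v = fields[raw]
            out[label] = (v == "1") if v in ("0", "1") else v
    return out

# Constructed stand-in for the DCDATA resource: a plaintext built from the
# report's values and encrypted here with the 5.1 key. Not taken from the sample.
CONSTRUCTED_PLAINTEXT = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DC_MUTEX-YXKH7FC}\r\n"
    b"SID={anomabite}\r\n"
    b"NETDATA={46.105.72.113:3399}\r\n"
    b"GENCODE={j62oxs6nZiEV}\r\n"
    b"INSTALL={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"PERSINST={0}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_DCDATA_HEX = rc4(KNOWN_KEYS[0], CONSTRUCTED_PLAINTEXT).hex()

if __name__ == "__main__":
    key, raw = decrypt_config(SAMPLE_DCDATA_HEX)
    print("key:", key)
    for k, v in to_report(raw).items():
        print(f"{k}: {v}")
```

On a real sample you would read the DCDATA resource (for instance with pefile), strip whitespace, and pass its text to `decrypt_config`; a ValueError means the operator set a non-default builder password, at which point the key has to be recovered from the unpacked binary rather than guessed.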
Targets
Target: 9386cb2c5079ed774bfc790adf3371f33d066b1f47b621489a45850b5f748b3f (883KB; hashes and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds a Run key to start the application: writes a value under the CurrentVersion\Run registry key so the program is launched at logon.
- Suspicious use of SetThreadContext: the sample sets the register state of another thread, a call normally seen only in debuggers and in process injection or hollowing.
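Sandbox signatures such as the three above are rules run over the API-call trace of the detonated sample. The block below is an added example (not the vendor's rules or the report's data) of what such rules look like: it replays a constructed trace through one check per signature. The registry paths it keys on and the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread pattern it treats as hollowing are this example's assumptions about the usual triggers, and every trace line, pid and file path in it is made up to exercise the rules; nothing here describes what this specific sample did beyond the signature names in the report.

```python
"""Replay a constructed API trace through checks modelled on the report's signatures."""
import re

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Assumed trigger paths (this example's choice, not the vendor's published rules).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)

def check_geofence(trace):
    """Registry reads of the configured country code: (pid, key path) per hit."""
    return [(e["pid"], e["args"]["key"]) for e in trace
            if e["api"] in ("RegOpenKeyExW", "RegQueryValueExW")
            and GEO_KEY_RE.search(e["args"].get("key", ""))]

def check_run_key(trace):
    """Writes under a Run/RunOnce key: (pid, key, value name, data) per hit."""
    return [(e["pid"], e["args"]["key"], e["args"]["value_name"], e["args"]["data"])
            for e in trace
            if e["api"] == "RegSetValueExW" and RUN_KEY_RE.search(e["args"]["key"])]

def check_set_thread_context(trace):
    """Every SetThreadContext is reported. It is rated 'hollowing' when the caller
    created the target process suspended and wrote into it first, else 'suspicious'."""
    suspended = {}   # child pid -> pid that created it with CREATE_SUSPENDED
    written = set()  # (writer pid, target pid) pairs seen in WriteProcessMemory
    findings = []
    for e in trace:
        api, pid, a = e["api"], e["pid"], e["args"]
        if api == "CreateProcessW" and a["flags"] & CREATE_SUSPENDED:
            suspended[a["child_pid"]] = pid
        elif api == "WriteProcessMemory":
            written.add((pid, a["target_pid"]))
        elif api == "SetThreadContext":
            tgt = a["target_pid"]
            hollow = suspended.get(tgt) == pid and (pid, tgt) in written
            findings.append((pid, tgt, "hollowing" if hollow else "suspicious"))
    return findings

def run_all(trace):
    return {
        "geofence": check_geofence(trace),
        "run_key": check_run_key(trace),
        "set_thread_context": check_set_thread_context(trace),
    }

# Constructed trace: pid 1000 plays the implant, pid 3000 a benign process that
# touches its own thread context and writes an unrelated registry value.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "RegOpenKeyExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo"}},
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value_name": "Nation"}},
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value_name": "Updater", "data": r"C:\Users\user\AppData\Roaming\updater.exe"}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\System32\notepad.exe", "flags": 0x4, "child_pid": 2000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x1a000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 2000, "tid": 2004}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000, "tid": 2004}},
    {"pid": 3000, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
              "value_name": "ShellState", "data": "..."}},
    {"pid": 3000, "api": "SetThreadContext", "args": {"target_pid": 3000, "tid": 3012}},
]

if __name__ == "__main__":
    for name, hits in run_all(SAMPLE_TRACE).items():
        print(name, hits)
```

The three checks differ in how much a single hit means: the Run-key write and the suspended-child sequence are strong on their own, while a read of the Geo key is common in legitimate software and only becomes interesting alongside the others, which is why the report rates the whole behaviour set rather than one signature.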