General
- Target: a7c09ca5fc3405731fdccf2e63c98426dd474117b2d96bd0af6e48cfdea33183
- Size: 708KB
- Sample: 221201-jfgqzsbe7z
- MD5: f82ee7cd38cf641f53a4253bbdcbe773
- SHA1: f612029c7c658bd42258f594c35fa9352fce84ce
- SHA256: a7c09ca5fc3405731fdccf2e63c98426dd474117b2d96bd0af6e48cfdea33183
- SHA512: 93e4ac90d9bf7b54da8c06cfd518459b79e543d49f749c8cec0ebf7f8f7db1f209df89a13de7e9eff14ff49b2abf1224158f9b27d87fe2c7308b702bca7b35d8
- SSDEEP: 12288:11uk6yVkY04dCBIQrJIiDEWsHW249waVnTHd/ARRsNWWsJ72dYjGuI:1/pV6w4XrG2EW249wG1ARmI7BGuI
Static task: static1
Behavioral task: behavioral1
- Sample: a7c09ca5fc3405731fdccf2e63c98426dd474117b2d96bd0af6e48cfdea33183.exe
- Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
Update
portfoliopictures.no-ip.biz:1884
DC_MUTEX-UMHWEDU
- gencode: kkWWmy9WfbzD
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext