General
- Target: b00873e05729f1a9924e57e66594cfda4af9869824ee3a5069aad9de0fc37411
- Size: 411KB
- Sample: 221201-l984fahb23
- MD5: 8ad534532990d0621cf1786d380ae9dd
- SHA1: 9c1ccd4ff0874f2912dadebd318bf44886d9f1f4
- SHA256: b00873e05729f1a9924e57e66594cfda4af9869824ee3a5069aad9de0fc37411
- SHA512: 3a36a93740e2cd8805372522bfe7149802f0891977e2a0dbb2b50362966fa586e4854807bdabcdc9fdd34a40908d607343cfda1a2c27174b8aeaea4ee296c7dc
- SSDEEP: 12288:mlghoSqHNJ/Jj0l5e7kurPQHr5wv1hlajScDlu:sg2HNb0lM7z0Wv6Dlu
Behavioral task
- Task: behavioral1
- Sample: b00873e05729f1a9924e57e66594cfda4af9869824ee3a5069aad9de0fc37411.exe
- Resource: win7-20221111-en
Malware Config
Extracted family: darkcomet
- Main: youknowwhat.zapto.org:8568
- Mutex: DC_MUTEX-RSSVB20
- gencode: 1cfcWSgmK4PV
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: b00873e05729f1a9924e57e66594cfda4af9869824ee3a5069aad9de0fc37411
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL