General
Target: cc60a3d87ac021e103a5ab312de0ea8178808d6e060fe69b5947be94c770609d
Size: 628KB
Sample: 221202-vehsfaah3y
MD5: 34a70ea0794d10fceb96fadb5df4483e
SHA1: 6696d5b98801dcffa8d7274ef6ce734a884f9df2
SHA256: cc60a3d87ac021e103a5ab312de0ea8178808d6e060fe69b5947be94c770609d
SHA512: 7d784cc70b11bbff77a89df03c2a58b81584b7c4d814ea80fa98ec972883012da860bfaf053d0be78156a09c6af903e61c4b1c1b5ce64990cbc12de1fa0ebdf8
SSDEEP: 12288:Z6I6olZkgjeeO26i5Y3nD0RcJd+nwmW/K13qiLLOl51kfgjdlA:Z6I6ol2wYXD0mJd+nMKhjaOgjU
Static task
static1
Behavioral task
behavioral1
Sample
cc60a3d87ac021e103a5ab312de0ea8178808d6e060fe69b5947be94c770609d.exe
Resource
win7-20220812-en
Malware Config
Extracted
darkcomet
Guest16
hesco.no-ip.info:1604
DC_MUTEX-7V9Z9HT
gencode: iijrV9uD8LxD
install: false
offline_keylogger: true
persistence: false
Targets
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-