General

Target: 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb
Size: 932KB
Sample: 221202-zj2tbsce64
MD5: 7e80342ffb90f453028d8606d219711c
SHA1: 01994770e9fa0ed87157ae1f621c5d4e54fe2c72
SHA256: 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb
SHA512: 1e2b172c941583ed5ae395f34301e0d982d397a940d01b548e803c2533a6f289c81631543d5998b7e1b1162ab0e764cfd8f1e301c356bc9ae13b33a0c7dc4f29
SSDEEP: 12288:lDKoo9n4dhg6XpkikDinEo4ccilYWkPLk8+IPfI7oRn6xXBIedJ/RRo:7OnWg6Z3k049WwLk8G7ol6dBIeM
Static task: static1

Behavioral task: behavioral1
  Sample: 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: darkcomet
Campaign ID: DEUPDATE
C2: xdarkx.zapto.org:1604
Mutex: DC_MUTEX-5HAFWPD
gencode: h7Ba7QTpm8E6
install: false
offline_keylogger: true
persistence: false
Targets

Target: 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb
Size: 932KB
MD5: 7e80342ffb90f453028d8606d219711c
SHA1: 01994770e9fa0ed87157ae1f621c5d4e54fe2c72
SHA256: 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb
SHA512: 1e2b172c941583ed5ae395f34301e0d982d397a940d01b548e803c2533a6f289c81631543d5998b7e1b1162ab0e764cfd8f1e301c356bc9ae13b33a0c7dc4f29
SSDEEP: 12288:lDKoo9n4dhg6XpkikDinEo4ccilYWkPLk8+IPfI7oRn6xXBIedJ/RRo:7OnWg6Z3k049WwLk8G7ol6dBIeM

Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application (observed even though the extracted config reports install=false and persistence=false; trust the behavioural telemetry over the config flags)
- Suspicious use of SetThreadContext (the API used by process-hollowing loaders to redirect a suspended thread to injected code)
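The extracted config and the behavioural signatures above give a small, concrete indicator set: the C2 hostname xdarkx.zapto.org, port 1604 (DarkComet's default), the mutex DC_MUTEX-5HAFWPD, and a Run-key write by the dropped executable. The following Python is an added example, not part of the report or of any Triage tooling, showing how a detection engineer would turn those indicators into correlated rules over endpoint telemetry: strong indicators (C2 lookup, mutex) taint a process, and weak ones (a connection to port 1604, a Run-key write) are only escalated when the same process already hit a strong one, since port 1604 and Run-key writes are far too common to alert on alone. The event lines are constructed in a simplified Key=Value format, not real Sysmon or EDR output, and the process IDs, paths and IPs in them are placeholders.

```python
import re

# Indicators taken directly from the report's extracted DarkComet config above.
C2_HOST = "xdarkx.zapto.org"
C2_PORT = 1604
MUTEX = "DC_MUTEX-5HAFWPD"

# Constructed telemetry in a simplified "Key=Value" line format (not real Sysmon/EDR
# output). Values are written without spaces so the tokenizer below stays simple.
SAMPLE_EVENTS = [
    "EventType=ProcessCreate ProcessId=4120 Image=C:\\Users\\alice\\Downloads\\invoice.exe",
    "EventType=DnsQuery ProcessId=4120 QueryName=xdarkx.zapto.org",
    "EventType=Mutex ProcessId=4120 MutexName=DC_MUTEX-5HAFWPD",
    "EventType=NetworkConnect ProcessId=4120 DestinationIp=203.0.113.10 DestinationPort=1604",
    "EventType=RegistrySet ProcessId=4120 TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    # A second, benign process that happens to use the same port and writes its own Run key.
    "EventType=DnsQuery ProcessId=2210 QueryName=updates.example.com",
    "EventType=NetworkConnect ProcessId=2210 DestinationIp=192.0.2.5 DestinationPort=1604",
    "EventType=RegistrySet ProcessId=2210 TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
]

TOKEN_RE = re.compile(r"(\w+)=(\S+)")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def parse_event(line):
    """Split one 'Key=Value Key=Value' line into a dict."""
    return dict(TOKEN_RE.findall(line))


def is_c2_name(name):
    """True for the C2 hostname itself or any label beneath it (case-insensitive, trailing dot ignored)."""
    name = name.lower().rstrip(".")
    return name == C2_HOST or name.endswith("." + C2_HOST)


def match_events(lines):
    """Return (severity, reason, event) tuples. Events are processed in order so that
    later, weaker indicators can be tied to a process that already hit a strong one."""
    hits = []
    tainted = set()  # ProcessIds that already produced a high-confidence DarkComet indicator
    for line in lines:
        ev = parse_event(line)
        pid = ev.get("ProcessId")
        kind = ev.get("EventType")
        if kind == "DnsQuery" and is_c2_name(ev.get("QueryName", "")):
            hits.append(("high", "DNS lookup of DarkComet C2 " + C2_HOST, ev))
            tainted.add(pid)
        elif kind == "Mutex" and ev.get("MutexName") == MUTEX:
            hits.append(("high", "DarkComet mutex created: " + MUTEX, ev))
            tainted.add(pid)
        elif kind == "NetworkConnect" and ev.get("DestinationPort") == str(C2_PORT):
            # 1604 is DarkComet's default port, but the port alone is a weak signal;
            # it becomes strong only when the same process already hit another indicator.
            if pid in tainted:
                hits.append(("high", "connection to port %d by process tied to C2 lookup/mutex" % C2_PORT, ev))
            else:
                hits.append(("low", "outbound connection to port %d with no other indicator" % C2_PORT, ev))
        elif kind == "RegistrySet" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # Run-key writes are far too common to alert on alone; only report them
            # for processes already tied to DarkComet indicators.
            if pid in tainted:
                hits.append(("medium", "Run key written by process tied to DarkComet indicators", ev))
    return hits


def flagged_processes(hits, min_severity="high"):
    """ProcessIds with at least one hit at or above min_severity."""
    rank = {"low": 0, "medium": 1, "high": 2}
    return {ev["ProcessId"] for sev, _, ev in hits if rank[sev] >= rank[min_severity]}


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for sev, reason, ev in found:
        print(sev.upper(), ev["ProcessId"], reason)
    print("flagged:", sorted(flagged_processes(found)))
```

Run against the constructed events, process 4120 is flagged high on the C2 lookup and mutex, its port-1604 connection and Run-key write are escalated because of that prior taint, while process 2210's connection to the same port stays a low-severity hit and its Run-key write is ignored. Because the report's config says install=false and persistence=false yet the sandbox still observed a Run-key write and a dropped executable, the rules key on observed behaviour rather than on what the config claims the implant will do.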