General
- Target: b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a
- Size: 609KB
- Sample: 221203-dbe4psca5z
- MD5: 331da72e491868ab31ce11fe02f5bb15
- SHA1: bfbf35096f56e92f08815487e1cbb088efaf31e9
- SHA256: b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a
- SHA512: 2b3930150894fb1b6e3f41fd5edeb25f6a68de005a9a20bdd02418a190805a9291c6185d2f7a8e3e3d4a42cbec92fc29d69b76d4d4cd486dd75963ccd6e6c71f
- SSDEEP: 12288:gzyFWnsipV73N8rA/gC+apkmvReK7E9zF9wTtTEC9NTvER+dZ07boQK1bhHl3:WfZpV7N8rA4i3Rak1JNLI+0oQ+hF
Static task
- static1
Behavioral task
- behavioral1
  - Sample: b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a.exe
  - Resource: win7-20220901-en
Behavioral task
- behavioral2
  - Sample: b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: 216.38.2.194:1608
- Mutex: DC_MUTEX-B3GGRXH
- gencode: x22S1Hl5yBQe
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a
- Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext