General
- Target: f33357da6977b1dad53c52c18710f84b58d48a1225848bcba3148e4a4f67b569
- Size: 724KB
- Sample: 221203-dcy8zacb7z
- MD5: f517871829e8cbab778a5015d7b14afe
- SHA1: 056164b8b5ca5c2eaaca8fdbaccc13216232682e
- SHA256: f33357da6977b1dad53c52c18710f84b58d48a1225848bcba3148e4a4f67b569
- SHA512: b8502bb184b61ed098d3da5806f54405e9e542ccf8317bdef477ba538371f6acb58df03d155c282be5c417d0dd977614ad1befad3813505a82464fb71628c608
- SSDEEP: 12288:MBdaKTua5Jw4CZo+HLqY9fl0OLTyi9wG1D6avNfBaCRZqD02QcQXKcDq6Rgi//Kg:wrigKfnHLLXfGGMy4YcQXKcDq6Rg6/Kg
Static task: static1
Behavioral task: behavioral1
Sample: f33357da6977b1dad53c52c18710f84b58d48a1225848bcba3148e4a4f67b569.exe
Resource: win7-20221111-en
Malware Config
Extracted: darkcomet
- Slave: 127.0.0.1:1604
- Mutex: DC_MUTEX-94LKTR2
- gencode: PUyr7vQgVqSS
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: f33357da6977b1dad53c52c18710f84b58d48a1225848bcba3148e4a4f67b569
- Size: 724KB
- MD5: f517871829e8cbab778a5015d7b14afe
- SHA1: 056164b8b5ca5c2eaaca8fdbaccc13216232682e
- SHA256: f33357da6977b1dad53c52c18710f84b58d48a1225848bcba3148e4a4f67b569
- SHA512: b8502bb184b61ed098d3da5806f54405e9e542ccf8317bdef477ba538371f6acb58df03d155c282be5c417d0dd977614ad1befad3813505a82464fb71628c608
- SSDEEP: 12288:MBdaKTua5Jw4CZo+HLqY9fl0OLTyi9wG1D6avNfBaCRZqD02QcQXKcDq6Rgi//Kg:wrigKfnHLLXfGGMy4YcQXKcDq6Rg6/Kg
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext