General

- Target: 9d1e5cdd301370265effefd9d7332917a9f81148b9c5345e14cf4d7627b3e504
- Size: 742KB
- Sample: 221203-dg1mlace7y
- MD5: 3d9fb784d8bad35e1fc6f114092b0e61
- SHA1: 21950040713e37949c80b75e4c15fa6163ef67b2
- SHA256: 9d1e5cdd301370265effefd9d7332917a9f81148b9c5345e14cf4d7627b3e504
- SHA512: 9c80a51a0849195f6cac34a8cba53229d05a900d29ba8a327418d5502ee559485b8b1637f07be43404fe737f29a669412e11ffd329b210f04ebd040493230f85
- SSDEEP: 12288:J08Xr7FoMtKhx92E7eosUsF4hxekb7NKiMRFhoE3KK1:m8b7FoGKX8KeosUO4hwktKbhou/1
- Static task: static1
- Behavioral task: behavioral1
- Sample: 9d1e5cdd301370265effefd9d7332917a9f81148b9c5345e14cf4d7627b3e504.exe
- Resource: win7-20221111-en
Malware Config

Extracted: darkcomet
- Guest16
- 188.190.86.62:1604
- DC_MUTEX-W0U2X3G
- gencode: ApppNhBV8t9f
- install: false
- offline_keylogger: true
- persistence: false
Targets

- Target: 9d1e5cdd301370265effefd9d7332917a9f81148b9c5345e14cf4d7627b3e504

- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext