General
-
Target
f9197d5a2e2d7a2b2f80bb387f7d2c28
-
Size
1.2MB
-
Sample
231228-z8w95sgegn
-
MD5
f9197d5a2e2d7a2b2f80bb387f7d2c28
-
SHA1
4852766feb4948903bc09c9a493bf0f0398c0095
-
SHA256
5bfa91a23214f1a4bba7efffd224e5fdde2e7b69ecd9fe286b62451585c577a9
-
SHA512
6a53efdd665ccc6cc0bcd287809326ec9af28b584d14bf448d944fdbca27abde5362353c5793277bd29cffb79a322d034721d120060574aa667335551eff8718
-
SSDEEP
24576:Y2O/GlDHqFHHVDFNEzQbCG3/QJfSPXYuTfx8n2VuFSWVxNu:nHUYQjQhUo0WbsGxQ
Static task
static1
Behavioral task
behavioral1
Sample
f9197d5a2e2d7a2b2f80bb387f7d2c28.exe
Resource
win7-20231215-en
Malware Config
Extracted
darkcomet
- gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
Extracted
darkcomet
NEWBABY2
dcthings.changeip.org:988
DC_MUTEX-HMSY2RH
-
gencode
a2CQEonCR87h
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
f9197d5a2e2d7a2b2f80bb387f7d2c28
-
Size
1.2MB
-
MD5
f9197d5a2e2d7a2b2f80bb387f7d2c28
-
SHA1
4852766feb4948903bc09c9a493bf0f0398c0095
-
SHA256
5bfa91a23214f1a4bba7efffd224e5fdde2e7b69ecd9fe286b62451585c577a9
-
SHA512
6a53efdd665ccc6cc0bcd287809326ec9af28b584d14bf448d944fdbca27abde5362353c5793277bd29cffb79a322d034721d120060574aa667335551eff8718
-
SSDEEP
24576:Y2O/GlDHqFHHVDFNEzQbCG3/QJfSPXYuTfx8n2VuFSWVxNu:nHUYQjQhUo0WbsGxQ
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-