General
Target: 6f3b4ee8f744edeedfdf34e2da175194
Size: 392KB
Sample: 240122-kp44bachc7
MD5: 6f3b4ee8f744edeedfdf34e2da175194
SHA1: 82f2c9f799360483c888fba323224b51d7199305
SHA256: 56d0fd9e67ef644736a28aa546df092c4c18a6230b724bcb750c20c3c6a7cc4d
SHA512: eddb31165635f6042c1784653c9b27f1f718c7efb0c17fa1876369725f6a82029d52cdc33f326b547fb70e8f826e36beced2083a48198a11def97878c4ada70b
SSDEEP: 6144:FQ3mMEH9mxnAWDNLzo91Mvz13sqd9yW6dM4R04utenb1DbV78g3pY:WmDdSAOdkrMz13vd1oMU0h0bLYg5
Static task: static1
Behavioral task: behavioral1
Sample: 6f3b4ee8f744edeedfdf34e2da175194.exe
Resource: win7-20231215-en
Malware Config
Extracted: darkcomet
Guest16
joannn.zapto.org:80
DC_MUTEX-F54S21D
gencode: MvLWkVpD9cCK
install: false
offline_keylogger: true
persistence: false
Targets
- Modifies security service
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext