General
Target: 92f143956b9a12540154e290c4e62564
Size: 761KB
Sample: 240205-zedwpsgaf4
MD5: 92f143956b9a12540154e290c4e62564
SHA1: 1fee278385d5b122aed257fafad8438382492dec
SHA256: eba350227560d9ced91f4d3d85758edeca142d387cb2156dc9e169aaa0a4e6c6
SHA512: 9dc37a30a62757252577fa00dbfc195b99274f8b868a9833a2b46f3b7b1d50c1363d142807b405068d8bdab1cbbc8ec5dca1691f223dc04c3b64c08066d5f3f7
SSDEEP: 12288:BMrNIqNDs+RG7Y/ovzi0dSR/qP5OrOEuDAE+GL2QehBLouk3DefG7h:CrNIqNDsK6tvRda/RONAE+M2QebnkQGl
Static task: static1
Behavioral task: behavioral1
  Sample: 92f143956b9a12540154e290c4e62564.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 92f143956b9a12540154e290c4e62564.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID): Crypted
C2: anonymoushere.no-ip.org:1604
Mutex: DC_MUTEX-J8M2E7P
gencode: GmA26Nic56qT
install: false
offline_keylogger: true
persistence: false

Note: 1604 is DarkComet's default listener port and no-ip.org is a dynamic DNS service, so the hostname, the mutex and the gencode are the stable indicators from this configuration; any IP address the hostname resolved to during the sandbox run should be treated as transient.
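How a "Malware Config / Extracted" block like the one above is recovered from a DarkComet build, as an added example that is not the sandbox vendor's extractor. It assumes what public DarkComet config decoders document: the configuration sits in a hex-encoded resource, RC4-encrypted with a static per-version key, as KEY={value} lines between a begin and an end marker. The RC4 key list, the raw field names (NETDATA, SID, MUTEX, GENCODE, INSTALL, OFFLINEK, PERSINST) and their mapping onto the report's normalized names are assumptions taken from those decoders; the plaintext config below is constructed from this report's values, not dumped from the binary.

```python
"""Added example: decrypt and normalize a DarkComet 5.x configuration blob.

Assumptions (from public DarkComet config extractors, not from this page):
the DCDATA resource holds hex(RC4(key, config)) with a static version key,
and the config is KEY={value} lines between the two markers below.
"""
import binascii
import re
from typing import Dict, Optional, Tuple

# Static RC4 keys used by DarkComet builds, as published by community extractors.
DARKCOMET_KEYS = [
    b"#KCMDDC51#-890",   # v5.1
    b"#KCMDDC5#-890",    # v5.0
    b"#KCMDDC42F#-890",  # v4.2F
    b"#KCMDDC42#-890",   # v4.2
    b"#KCMDDC4#-890",    # v4.0
    b"#KCMDDC2#-890",    # v2.x
]
BEGIN_MARKER = b"#BEGIN DARKCOMET DATA --"
END_MARKER = b"#EOF DARKCOMET DATA --"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_dcdata(resource_hex: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Try every known key; return (key, plaintext) for the first that yields the
    begin marker, or None (unknown version, repacked sample, or not DarkComet)."""
    try:
        ciphertext = binascii.unhexlify(resource_hex.strip())
    except binascii.Error:
        return None
    for key in DARKCOMET_KEYS:
        plain = rc4(key, ciphertext)
        if plain.startswith(BEGIN_MARKER):
            return key, plain
    return None


def parse_config(plain: bytes) -> Dict[str, str]:
    """Turn KEY={value} lines into a dict of raw string fields."""
    return {
        m.group(1).decode(): m.group(2).decode("latin-1")
        for m in re.finditer(rb"^([A-Z0-9]+)=\{(.*?)\}\s*$", plain, re.M)
    }


def normalize(fields: Dict[str, str]) -> Dict[str, object]:
    """Map raw DarkComet field names onto the names used in the report (assumed mapping)."""
    def flag(name: str) -> bool:
        return fields.get(name, "0") == "1"
    return {
        "family": "darkcomet",
        "botnet": fields.get("SID"),
        "c2": fields.get("NETDATA"),
        "mutex": fields.get("MUTEX"),
        "gencode": fields.get("GENCODE"),
        "install": flag("INSTALL"),
        "offline_keylogger": flag("OFFLINEK"),
        "persistence": flag("PERSINST"),
    }


def extract(resource_hex: bytes) -> Optional[Dict[str, object]]:
    """Full pipeline: hex -> RC4 (key search) -> marker check -> normalized config."""
    hit = decrypt_dcdata(resource_hex)
    if hit is None:
        return None
    key, plain = hit
    if END_MARKER not in plain:
        return None  # truncated or damaged resource: do not trust partial fields
    cfg = normalize(parse_config(plain))
    cfg["rc4_key"] = key.decode()
    return cfg


# Constructed plaintext built from this report's extracted values (not a real dump).
SAMPLE_PLAINTEXT = b"\r\n".join([
    BEGIN_MARKER,
    b"MUTEX={DC_MUTEX-J8M2E7P}",
    b"SID={Crypted}",
    b"FWB={0}",
    b"NETDATA={anonymoushere.no-ip.org:1604}",
    b"GENCODE={GmA26Nic56qT}",
    b"INSTALL={0}",
    b"PERSINST={0}",
    b"OFFLINEK={1}",
    END_MARKER,
]) + b"\r\n"

# Simulate the resource as it would sit in the binary: RC4 under the v5.1 key, then hex.
SAMPLE_RESOURCE_HEX = binascii.hexlify(rc4(DARKCOMET_KEYS[0], SAMPLE_PLAINTEXT))

if __name__ == "__main__":
    for k, v in extract(SAMPLE_RESOURCE_HEX).items():
        print(f"{k}: {v}")
```

Against a real sample you would feed in the bytes of the RCDATA resource (pefile can enumerate and read it) instead of SAMPLE_RESOURCE_HEX; the key search is what lets one script handle builds from several DarkComet versions, and the end-marker check is what stops a truncated resource from yielding a half-parsed, wrong configuration.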
Targets
Target: 92f143956b9a12540154e290c4e62564
Size: 761KB
MD5: 92f143956b9a12540154e290c4e62564
SHA1: 1fee278385d5b122aed257fafad8438382492dec
SHA256: eba350227560d9ced91f4d3d85758edeca142d387cb2156dc9e169aaa0a4e6c6
SHA512: 9dc37a30a62757252577fa00dbfc195b99274f8b868a9833a2b46f3b7b1d50c1363d142807b405068d8bdab1cbbc8ec5dca1691f223dc04c3b64c08066d5f3f7
SSDEEP: 12288:BMrNIqNDs+RG7Y/ovzi0dSR/qP5OrOEuDAE+GL2QehBLouk3DefG7h:CrNIqNDsK6tvRda/RONAE+M2QebnkQGl
Score: 10/10

Signatures:
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext

Notes: SetThreadContext on a thread of another process is the usual final step of process-hollowing (RunPE) injection, the technique crypters commonly use to launch a wrapped payload such as a DarkComet stub, so the dropped EXE and DLL should be attributed to the correct process in the behavioral trace before being written up. The Run key also sits oddly beside the extracted config, where install and persistence are both false; the persistence entry is therefore more likely written by the outer loader than by the DarkComet configuration, and the registry event should be checked for which process image wrote the key.
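The indicators in this report (sample SHA256, C2 host and port, mutex, Run key write) turned into a small detection pass over host telemetry, as an added example that is not part of the sandbox output. The event records are constructed for the example and use Sysmon-style field names (EventID 1 process create, 3 network connect, 13 registry value set, 22 DNS query); the "mutex" record type is an assumption standing in for whatever an EDR emits for mutex creation, since Sysmon does not log mutexes, and the process ID, paths, Run value name and IP address are made up. It goes slightly beyond the page by correlating hits per process, so that a Run key write alone stays low severity unless the same process also shows the C2 or the mutex.

```python
"""Added example: match this report's indicators against constructed host telemetry
and correlate hits per process. Not the sandbox vendor's code."""
import json
import re
from typing import Dict, List

# Indicators taken from the report.
SAMPLE_SHA256 = "eba350227560d9ced91f4d3d85758edeca142d387cb2156dc9e169aaa0a4e6c6"
C2_HOST, C2_PORT = "anonymoushere.no-ip.org", 1604
MUTEX = "DC_MUTEX-J8M2E7P"
# Generic DarkComet pattern: default mutex names are DC_MUTEX- plus an alphanumeric tail.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{6,}$")
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
STRONG = {"sample-sha256", "c2-dns", "c2-connect", "mutex-exact"}


def evaluate(event: Dict) -> List[str]:
    """Return the report indicators a single event matches (empty list if none)."""
    hits = []
    eid = event.get("EventID")
    if event.get("Hashes", {}).get("SHA256", "").lower() == SAMPLE_SHA256:
        hits.append("sample-sha256")
    if eid == 22 and event.get("QueryName", "").lower() == C2_HOST:
        hits.append("c2-dns")
    if (eid == 3 and event.get("DestinationPort") == C2_PORT
            and event.get("DestinationHostname", "").lower() == C2_HOST):
        hits.append("c2-connect")
    if event.get("Type") == "mutex":  # assumed EDR record type, see lead-in
        name = event.get("Name", "")
        if name == MUTEX:
            hits.append("mutex-exact")
        elif DC_MUTEX_RE.match(name):
            hits.append("mutex-darkcomet-pattern")
    if eid == 13 and RUN_KEY_RE.search(event.get("TargetObject", "")):
        hits.append("run-key-write")
    return hits


def hits_for(line: str) -> List[str]:
    """Convenience wrapper: evaluate one JSON event line."""
    return evaluate(json.loads(line))


def scan(lines: List[str]) -> List[Dict]:
    """Parse JSON event lines and keep only those with at least one hit."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the sweep
        hits = evaluate(ev)
        if hits:
            findings.append({"hits": hits, "event": ev})
    return findings


def correlate(findings: List[Dict]) -> Dict[int, Dict]:
    """Group hits by ProcessId: a Run key write on its own stays low severity and is
    escalated only when the same process also shows a strong indicator."""
    by_pid: Dict[int, Dict] = {}
    for f in findings:
        entry = by_pid.setdefault(f["event"].get("ProcessId"), {"hits": set(), "severity": "low"})
        entry["hits"].update(f["hits"])
    for entry in by_pid.values():
        if entry["hits"] & STRONG:
            entry["severity"] = "high"
        elif "mutex-darkcomet-pattern" in entry["hits"]:
            entry["severity"] = "medium"
    return by_pid


# Constructed telemetry: PID, paths, Run value name and IP address are invented.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "ProcessId": 4120,
                "Image": "C:\\Users\\lab\\Desktop\\92f143956b9a12540154e290c4e62564.exe",
                "Hashes": {"SHA256": SAMPLE_SHA256.upper()}}),
    json.dumps({"Type": "mutex", "ProcessId": 4120, "Name": "DC_MUTEX-J8M2E7P"}),
    json.dumps({"EventID": 22, "ProcessId": 4120, "QueryName": "anonymoushere.no-ip.org",
                "QueryResults": "203.0.113.10;"}),
    json.dumps({"EventID": 3, "ProcessId": 4120, "DestinationHostname": "anonymoushere.no-ip.org",
                "DestinationIp": "203.0.113.10", "DestinationPort": 1604}),
    json.dumps({"EventID": 13, "ProcessId": 4120,
                "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update",
                "Details": "C:\\Users\\lab\\AppData\\Roaming\\update.exe"}),
    json.dumps({"EventID": 22, "ProcessId": 900, "QueryName": "www.example.com"}),  # benign
    "{not json",
]

if __name__ == "__main__":
    for pid, entry in correlate(scan(SAMPLE_EVENTS)).items():
        print(pid, entry["severity"], sorted(entry["hits"]))
```

The hostname match is deliberate: because the C2 is a no-ip.org dynamic DNS name, matching on the resolved IP from the sandbox run would go stale, whereas the hostname, the mutex and the build's gencode persist across re-resolutions.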