General
-
Target
a3c52927ac2b85f60a205fd2f2e90a65
-
Size
627KB
-
Sample
240225-pknb8acb5y
-
MD5
a3c52927ac2b85f60a205fd2f2e90a65
-
SHA1
c9829668db31ce439bb6d2f0ad70be6cf80468ca
-
SHA256
29fa37b763393d81c06e2a75ee9e59351b2d82e8ab87adecd2f11d222cb0fbb6
-
SHA512
2eb1e00c081c7358ed51fa675c7d29f7abb3b7e55b0da6f1c4d302e68935f34788002ee5da502af6da6ecdd0ab597efed66d7e0a149ed2d9c08b08d4bb9068b6
-
SSDEEP
12288:rKP7lJ8l+/sx2OkDl2O2EFi/nfgwi+333u8Lo0poD0fytqV:+5J8ldx2fJrnK3331LogoIfytqV
Static task
static1
Behavioral task
behavioral1
Sample
a3c52927ac2b85f60a205fd2f2e90a65.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
Tool-01
doctor12.no-ip.org:1604
DC_MUTEX-A64KEZW
-
gencode
2mp1vedcVuuz
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
a3c52927ac2b85f60a205fd2f2e90a65
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-