General
Target: c799cd2ae469bbf3de57eb92f53cbb9d
Size: 1.2MB
Sample: 240314-d95r1shf9z
MD5: c799cd2ae469bbf3de57eb92f53cbb9d
SHA1: 220907cfb0b1d69197a058e5ed93d19f199840eb
SHA256: 262b8b6b24b3207d8dea4d204e51707472f6df35d77a71b9198aea9c1f412021
SHA512: 949ba93b76e9bcdfc0d41ebb44f4f77c2f4d0cec3d9c8ba49891dce74e88ca3a00561c118c2441744cd5e69a85c7dfa3f7eb2171ab67b74c7d0d085bee4c32b2
SSDEEP: 12288:0d2nCidaZdfUrcKUXGoVAYdMXDXQysHMGqUqSn1pQdICqBS9AtAxDfDBAn3NEF+/:bCEcKtb0yuEvmjscbGDns+UHj
Static task: static1
Behavioral task: behavioral1
Sample: c799cd2ae469bbf3de57eb92f53cbb9d.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c799cd2ae469bbf3de57eb92f53cbb9d.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: 146.185.24.209:1604
Mutex: DC_MUTEX-6ZET9U3
gencode: rUvTH9YCGM3j
install: false
offline_keylogger: false
persistence: false
Targets
Target: c799cd2ae469bbf3de57eb92f53cbb9d
Size: 1.2MB
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext