General
- Target: dde7e1a84de71961c7c2f8de086887e95403b9db00ac15be432b8c0ea6e600f0
- Size: 1.6MB
- Sample: 220203-sfx8eaahgj
- MD5: 1b6bd8b3d870fb9ef9565dd703455919
- SHA1: 2f36132ffc95082bda75c43e53290c4a74565095
- SHA256: dde7e1a84de71961c7c2f8de086887e95403b9db00ac15be432b8c0ea6e600f0
- SHA512: 47f95a7b6b542b660c7bffe29c6e87a1d0115ba288175191afdaf14a57a5dbfafbd31ad0698f35480539593362c1b0dfd6558d669361f9f0353445591ff3ef68
Static task: static1
Behavioral task: behavioral1
Sample: dde7e1a84de71961c7c2f8de086887e95403b9db00ac15be432b8c0ea6e600f0.exe
Resource: win7-en-20211208
Malware Config
Extracted: darkcomet
Random
t3chie.no-ip.biz:1604
DC_MUTEX-FLCLE41
- gencode: FfYLXAQDzp0t
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: dde7e1a84de71961c7c2f8de086887e95403b9db00ac15be432b8c0ea6e600f0
- Size: 1.6MB
- MD5: 1b6bd8b3d870fb9ef9565dd703455919
- SHA1: 2f36132ffc95082bda75c43e53290c4a74565095
- SHA256: dde7e1a84de71961c7c2f8de086887e95403b9db00ac15be432b8c0ea6e600f0
- SHA512: 47f95a7b6b542b660c7bffe29c6e87a1d0115ba288175191afdaf14a57a5dbfafbd31ad0698f35480539593362c1b0dfd6558d669361f9f0353445591ff3ef68
- Executes dropped EXE
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext