General
- Target: 49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
- Size: 544KB
- Sample: 220714-ba26qshfe7
- MD5: 8ebb4c054d2872a208baba4f2d6d4c35
- SHA1: 8c3c349de7b8a251a415634892081e192d3897ab
- SHA256: 49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
- SHA512: 3cc09d2e2e71ec1042e2a5e9480566dacf28ad251f6b102f3d4c05825060de83f859ef01d5362906cb12cbde0f261f0bfe0e81e0062a1105289e682d3ff54236
- Static task: static1
- Behavioral task: behavioral1
- Sample: 49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: aca33.no-ip.biz:1088
- Mutex: DC_MUTEX-JCDE4M2
- gencode: 82Yjkqrl1Z2U
- install: false
- offline_keylogger: true
- password: penis3311
- persistence: false
Targets
- Target: 49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
- Size: 544KB
- MD5: 8ebb4c054d2872a208baba4f2d6d4c35
- SHA1: 8c3c349de7b8a251a415634892081e192d3897ab
- SHA256: 49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
- SHA512: 3cc09d2e2e71ec1042e2a5e9480566dacf28ad251f6b102f3d4c05825060de83f859ef01d5362906cb12cbde0f261f0bfe0e81e0062a1105289e682d3ff54236
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext