General
- Target: 5416e68a20583a53c9ee6101816b3f102c76b896f07fa821124e1a21735ff290
- Size: 950KB
- Sample: 220725-y4tssadee6
- MD5: d3e2af4f8f88490975ae558aa6b9fe0b
- SHA1: e2ca37ecc37d6f56e882450aff4e71b0c10da4dd
- SHA256: 5416e68a20583a53c9ee6101816b3f102c76b896f07fa821124e1a21735ff290
- SHA512: 861e33f3a46e218cce556250a35f4ca91d64ecf8d7185e48649413aecaad04e0ff4463c479115711880246bcddb02dc9bb951c95fb26293748461d3aab927a79
- Static task: static1
- Behavioral task: behavioral1
- Sample: 5416e68a20583a53c9ee6101816b3f102c76b896f07fa821124e1a21735ff290.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- darkcomet
- Salah
- kartelicemoney.duckdns.org:1605
- DCMIN_MUTEX-8J9E6TW
- gencode: eB8WGdR0a7r7
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 5416e68a20583a53c9ee6101816b3f102c76b896f07fa821124e1a21735ff290
- Size: 950KB
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext