General
Target: 61480cee0487217c779cfcf26c2c3a46deb9a6f4c1d5c7f4db60a0d36283b649
Size: 882KB
Sample: 220730-1hn2hshce8
MD5: 725abc276b0a0b2d6f1b52c5ea4638e1
SHA1: 0a7474ca996d1d8228b3fb517a5c941e372ad591
SHA256: 61480cee0487217c779cfcf26c2c3a46deb9a6f4c1d5c7f4db60a0d36283b649
SHA512: 1321cfd6ab81351b6e316456aabb71ed5986081dff409e2a66b5879b4e0e866415628539eada2404c0a829058247163504510ea23595943534a7e69786d37976
Static task: static1
Behavioral task: behavioral1
Sample: 61480cee0487217c779cfcf26c2c3a46deb9a6f4c1d5c7f4db60a0d36283b649.exe
Resource: win7-20220718-en
Malware Config
Extracted family: darkcomet
Contact: kartelicemoney.ddns.net:1605
Mutex: DCMIN_MUTEX-QUGY3QM
gencode: ocS0nl7RMgmX
install: false
offline_keylogger: true
persistence: false
Targets
Target: 61480cee0487217c779cfcf26c2c3a46deb9a6f4c1d5c7f4db60a0d36283b649
-
Size
882KB
-
MD5
725abc276b0a0b2d6f1b52c5ea4638e1
-
SHA1
0a7474ca996d1d8228b3fb517a5c941e372ad591
-
SHA256
61480cee0487217c779cfcf26c2c3a46deb9a6f4c1d5c7f4db60a0d36283b649
-
SHA512
1321cfd6ab81351b6e316456aabb71ed5986081dff409e2a66b5879b4e0e866415628539eada2404c0a829058247163504510ea23595943534a7e69786d37976
-
Signatures:
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext