General
-
Target
cc516ff30dfd1a2d6acae1f2ef94f6aa3656e7c1353decad4f7e88f41be7b547
-
Size
708KB
-
Sample
221030-h357esaadq
-
MD5
931f60c82109b767352e87aed7ebb37c
-
SHA1
84d87292f2d256f29a6642b59a89ee579734208b
-
SHA256
cc516ff30dfd1a2d6acae1f2ef94f6aa3656e7c1353decad4f7e88f41be7b547
-
SHA512
3e58e7e77366804c2e740050725391bdf46bcc60eb86e09e516686ff652fb0d09cab9d8caf63a464b70b78e012fa6ad5e252078571d48b3e4dd239714edfb96e
-
SSDEEP
12288:bBWhp889/N2aedcEmNSHAvZIM1Cv1skOJBU67qkb2Tx7S:9WhpOS0AavtX67q5Tx7S
Static task
static1
Behavioral task
behavioral1
Sample
cc516ff30dfd1a2d6acae1f2ef94f6aa3656e7c1353decad4f7e88f41be7b547.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
cc516ff30dfd1a2d6acae1f2ef94f6aa3656e7c1353decad4f7e88f41be7b547.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
slaves
ratted.no-ip.biz:1604
DC_MUTEX-F54S21D
-
gencode
F4jP2rBTAKcb
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
cc516ff30dfd1a2d6acae1f2ef94f6aa3656e7c1353decad4f7e88f41be7b547
-
Size
708KB
-
MD5
931f60c82109b767352e87aed7ebb37c
-
SHA1
84d87292f2d256f29a6642b59a89ee579734208b
-
SHA256
cc516ff30dfd1a2d6acae1f2ef94f6aa3656e7c1353decad4f7e88f41be7b547
-
SHA512
3e58e7e77366804c2e740050725391bdf46bcc60eb86e09e516686ff652fb0d09cab9d8caf63a464b70b78e012fa6ad5e252078571d48b3e4dd239714edfb96e
-
SSDEEP
12288:bBWhp889/N2aedcEmNSHAvZIM1Cv1skOJBU67qkb2Tx7S:9WhpOS0AavtX67q5Tx7S
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-