General
-
Target
ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
-
Size
1.2MB
-
Sample
221122-b882yaeg57
-
MD5
caa5e0f9ad65c916c8a3de2477b2fa76
-
SHA1
c97188979e44ab1d7c367d37e63867db7c278867
-
SHA256
ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
-
SHA512
d36ef9dd8bd5589136c95b7abb6606678e51710568cebed2c9d2103a2c620dfb787db48bb16773ed6dad8492263402a6aab6c1782bf57911ed606ab4a703d1e3
-
SSDEEP
24576:ds62Ca9jg62yGZ1xuVVjfFoynPaVBUR8f+kN10EBb62Y:ds6Zwjg6ZWQDgok30E6H
Behavioral task
behavioral1
Sample
ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Slaves
lad.servemp3.com:82
DC_MUTEX-4U57YHP
-
gencode
9hFQqDh14ZfY
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Target
ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-