General
Target: 2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb
Size: 824KB
Sample: 221125-d6gk1shd72
MD5: e9e660f7c3c0ef6669166b8bc82a2e2f
SHA1: ecabe80e9e1ae605662b75e6a72da8021e19cf5c
SHA256: 2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb
SHA512: 3f56df328ae2404728afa24bbb08aacf52aa257b0b2ef9e7c251ab8cdac92b4b0a26f230d10b9fb4fb8f77a64b5c8d49802ed7decd68b59bfa924bd7f9a0fca4
SSDEEP: 12288:0Ed5sjrZovwodrI0x+GT2zLv5MBk7GYhI7/2UcDt4rsHKwEnuXFlazlBtljO5h:0Ed5AZoJdrIJ42nxGkEcWsH9S9K
Static task: static1
Behavioral task: behavioral1 (Sample: 2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb.exe; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: 2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb.exe; Resource: win10v2004-20221111-en)
Malware Config
Extracted
Family: darkcomet
Campaign ID: Guest16 (DarkComet's default campaign name, so the operator did not change it)
C2: cyphers.duckdns.org:1604
C2: Cyphers.crabdance.com:1604
Mutex: DC_MUTEX-T8G359H
gencode: v47Cw5Ag1r9Z
install: false
offline_keylogger: true
persistence: false
Notes on the extracted values: 1604 is DarkComet's default listening port, and both C2 names are free dynamic-DNS hostnames (duckdns.org and crabdance.com), so the resolved IP can change at any time; hunt on the hostnames rather than on an address, and compare them case-insensitively, since the second one is listed with a capital letter and DNS does not distinguish case. The persistence flag in DarkComet's builder controls whether the implant restarts itself when its process is killed; it is separate from registry autorun, so persistence=false does not contradict the "Adds Run key" signature reported under Targets. offline_keylogger=true means keystrokes are logged to disk even while the C2 is unreachable, so the host should be checked for a keylog file, not only for the network indicators.
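The sandbox reports the config as already extracted. The following is an added example (not code from this report or from the sandbox) of how such a DarkComet 5.x config is recovered and parsed. It assumes, from public analyses rather than from this page, that the config sits in an RCDATA resource named DCDATA as a hex string, that un-hexing it yields RC4 ciphertext keyed with the builder's fixed key (for 5.1, "#KCMDDC51#-890"; the other keys in DC_KEYS are likewise assumed), and that the plaintext is lines of KEY={VALUE} with NETDATA holding host:port entries separated by "|". The ciphertext below is constructed here by encrypting a plaintext that mirrors this report's values; it is not bytes taken from the sample, so the example only demonstrates the decode path.

```python
"""Decode a DarkComet 5.x-style embedded config (added example, assumptions labelled)."""
from binascii import hexlify, unhexlify
from typing import Dict, List, Optional, Tuple
import re

# Assumed builder keys (from public writeups, not from this report).
DC_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
}

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA). Symmetric, so it encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

# Assumed line layout: KEY={VALUE}
LINE_RE = re.compile(rb"^([A-Z0-9]+)=\{(.*)\}$")

def parse_config(plaintext: bytes) -> Dict[str, str]:
    """Split decrypted text into a KEY -> VALUE dict; non-matching lines are ignored."""
    cfg = {}
    for line in plaintext.replace(b"\r\n", b"\n").split(b"\n"):
        m = LINE_RE.match(line.strip())
        if m:
            cfg[m.group(1).decode()] = m.group(2).decode(errors="replace")
    return cfg

def decode_dcdata(hex_blob: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Try each known key; accept the first decryption that contains a MUTEX line."""
    ct = unhexlify(hex_blob.strip())
    for version, key in DC_KEYS.items():
        cfg = parse_config(rc4(key, ct))
        if "MUTEX" in cfg:
            return version, cfg
    return None  # wrong key set, or not a DarkComet config at all

def c2_list(cfg: Dict[str, str]) -> List[Tuple[str, int]]:
    """NETDATA is 'host:port|host:port|' (assumed); hostnames are case-folded."""
    out = []
    for entry in cfg.get("NETDATA", "").split("|"):
        if ":" in entry:
            host, port = entry.rsplit(":", 1)
            out.append((host.lower(), int(port)))
    return out

# Constructed stand-in for the DCDATA resource, built with the 5.1 key.
# The values mirror this report's extracted config; the bytes are not from the sample.
_PLAIN = (b"MUTEX={DC_MUTEX-T8G359H}\r\nSID={Guest16}\r\n"
          b"NETDATA={cyphers.duckdns.org:1604|Cyphers.crabdance.com:1604|}\r\n"
          b"GENCODE={v47Cw5Ag1r9Z}\r\nINSTALL={0}\r\nPERSINST={0}\r\nOFFLINEK={1}\r\n")
SAMPLE_DCDATA = hexlify(rc4(DC_KEYS["5.1"], _PLAIN))

if __name__ == "__main__":
    version, cfg = decode_dcdata(SAMPLE_DCDATA)
    print(version, cfg["MUTEX"], cfg["SID"], c2_list(cfg))
```

Against a real binary, the hex blob would come from the DCDATA resource (for example via pefile's resource directory walk); the key-trial loop is what lets one decoder cover several builder versions, and the MUTEX check is the cheap plausibility test that the chosen key was right.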
Targets
Target: 2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb (824KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext: setting the context of a thread in another process is the hallmark of process hollowing and similar injection, consistent with DarkComet running from inside a host process.
Read together, the signatures say the 824KB file is a dropper: it writes and runs a second executable and a DLL, sets a Run key for startup, and injects, so the process to look for on an infected host is the dropped payload rather than the original file, and the file hashes above identify only the first stage.
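The report's indicators (hashes, C2 hostnames and port, mutex) are most useful once turned into hunting checks. The following is an added example, not part of the report: it matches constructed DNS query lines and mutex names against the report's values, folding hostname case, flagging sibling hosts under the same free dynamic-DNS parents, and using a generic DC_MUTEX-<7 chars> pattern (shape taken from this sample's mutex; treat it as a heuristic) to catch other builds. The log line layout ("timestamp client qname") and the sample lines are constructed for the demo and are assumptions to adapt to real telemetry.

```python
"""Hunting checks built from this report's IOCs (added example; log lines constructed)."""
import re
from typing import Dict, List

IOCS = {
    "sha256": "2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb",
    "md5": "e9e660f7c3c0ef6669166b8bc82a2e2f",
    "c2": {("cyphers.duckdns.org", 1604), ("cyphers.crabdance.com", 1604)},
    "mutex": "DC_MUTEX-T8G359H",
}

# DNS names are case-insensitive and the report lists one C2 with a capital
# letter, so every comparison below folds case first.
C2_HOSTS = {host for host, _ in IOCS["c2"]}
# Free dynamic-DNS parents used by this sample; resolved IPs are not stable.
DDNS_PARENTS = {"duckdns.org", "crabdance.com"}
# Assumed family-wide mutex shape: DC_MUTEX- followed by 7 upper-alnum chars.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")

def hunt_dns(lines: List[str]) -> List[Dict[str, str]]:
    """Each line: '<timestamp> <client_ip> <qname>' (assumed layout)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, skip rather than crash the hunt
        ts, client, qname = fields[:3]
        q = qname.rstrip(".").lower()           # drop trailing dot, fold case
        parent = ".".join(q.split(".")[-2:])   # registrable parent (good enough for these two)
        if q in C2_HOSTS:
            hits.append({"ts": ts, "client": client, "qname": q, "reason": "known_c2"})
        elif parent in DDNS_PARENTS:
            hits.append({"ts": ts, "client": client, "qname": q, "reason": "ddns_parent"})
    return hits

def hunt_mutex(names: List[str]) -> Dict[str, str]:
    """Exact hit for this build, pattern hit for other DarkComet builds."""
    verdicts = {}
    for name in names:
        if name == IOCS["mutex"]:
            verdicts[name] = "exact"
        elif DC_MUTEX_RE.match(name):
            verdicts[name] = "darkcomet_pattern"
    return verdicts

def hash_consistent(target_name: str) -> bool:
    """The sandbox names the task after the SHA256; check the two agree."""
    return target_name.lower().split(".")[0] == IOCS["sha256"]

# Constructed sample telemetry (not from the report or from any real network).
DNS_LOG = [
    "2022-11-25T10:01:02Z 10.0.0.15 Cyphers.crabdance.com.",
    "2022-11-25T10:01:07Z 10.0.0.15 cyphers.duckdns.org",
    "2022-11-25T10:02:11Z 10.0.0.22 www.example.com",
    "2022-11-25T10:03:40Z 10.0.0.31 other-host.duckdns.org",
]
MUTEXES = ["DC_MUTEX-T8G359H", "DC_MUTEX-ABC1234", "Global\\SomethingElse"]

if __name__ == "__main__":
    for hit in hunt_dns(DNS_LOG):
        print(hit)
    print(hunt_mutex(MUTEXES))
    print(hash_consistent(IOCS["sha256"] + ".exe"))
```

The "ddns_parent" verdict is deliberately lower confidence than "known_c2": plenty of legitimate traffic goes to free dynamic-DNS names, so it is a pivot for investigation, not a block rule. The same applies to the mutex pattern, which catches other DarkComet builds but should be confirmed against the process that created the mutex.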