General
Target: 2c7ec6ddbff93364c2f96227bc804da29826cfc10ff32b80b1d12a1acaf081f1
Size: 1.0MB
Sample: 221125-j12xnach27
MD5: d7dbd0670862cfb5eaca24c091ce6cdd
SHA1: 754e3f28386a95391f8dc5f9eb51b176e23f4242
SHA256: 2c7ec6ddbff93364c2f96227bc804da29826cfc10ff32b80b1d12a1acaf081f1
SHA512: 1cbb39991c836f2bc9557f1f051b01df2b040db7f7c6541b3a8a687f994e361f90a7e7c7cd2d231b9ee986816d48cc4071568f0c2ee106a1c10ee434d8510e12
SSDEEP: 24576:O9poYtYhCNrGgKb6Z9pe7d+U0c/d4WwnB5UYh:O9p6xb09qdht/6zl
Static task: static1

Behavioral task: behavioral1
  Sample: 2c7ec6ddbff93364c2f96227bc804da29826cfc10ff32b80b1d12a1acaf081f1.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 2c7ec6ddbff93364c2f96227bc804da29826cfc10ff32b80b1d12a1acaf081f1.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
  Guest16
  custumes.no-ip.biz:6712
  DC_MUTEX-4FXVAGJ
  gencode: aRxiGL6irJ3D
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: 2c7ec6ddbff93364c2f96227bc804da29826cfc10ff32b80b1d12a1acaf081f1
Size: 1.0MB
MD5: d7dbd0670862cfb5eaca24c091ce6cdd
SHA1: 754e3f28386a95391f8dc5f9eb51b176e23f4242
SHA256: 2c7ec6ddbff93364c2f96227bc804da29826cfc10ff32b80b1d12a1acaf081f1
SHA512: 1cbb39991c836f2bc9557f1f051b01df2b040db7f7c6541b3a8a687f994e361f90a7e7c7cd2d231b9ee986816d48cc4071568f0c2ee106a1c10ee434d8510e12
SSDEEP: 24576:O9poYtYhCNrGgKb6Z9pe7d+U0c/d4WwnB5UYh:O9p6xb09qdht/6zl
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext