General
-
Target
4e02f19bb4c2354e7b758c043d85724b124faa82001d0ac989c94f63eace10b5
-
Size
730KB
-
Sample
221125-ws7jdsdh94
-
MD5
ac0084655df1d34155a28d530920e87a
-
SHA1
f99959b6e41392a5471bc4b62c12d27f8f064fcd
-
SHA256
4e02f19bb4c2354e7b758c043d85724b124faa82001d0ac989c94f63eace10b5
-
SHA512
c968952c654e09f1b21149ff7ec4954b86d37582fa6857e945d2c641fadba2403cca2f4c41fb77fd6335c38295ae0f7b6d03ee834e0c7f51d26b5ab1d5f121fb
-
SSDEEP
12288:WmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyF8y9HMeF:WBIGkbxqEcjsWiDxguehC2S4j
Behavioral task
behavioral1
Sample
4e02f19bb4c2354e7b758c043d85724b124faa82001d0ac989c94f63eace10b5.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-ESB4ZP1
-
gencode
HaqyDFYKmGBe
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-