General
Target: 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
Size: 2.7MB
Sample: 221126-a8bwrsdg4t
MD5: 73b640feaa707f1db67d8bbce19cf704
SHA1: ade33c18143d000a08971cd18d8e874284e14a9e
SHA256: 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
SHA512: 3209cc9189f92e8161a9b68e0eba3b99f54eb274ad95fd5b97f674713bfad50f3e550dc5ef11b9772d07e28ac8b80003dafe487e43c40595de3aeb0638b53d4b
SSDEEP: 49152:rJZoQrbTFZY1iaDRwEYUbN9+qzA7LMD/Cqp+IH8LQaddDkG+d139q4cxpUuas:rtrbTA1BwJUb7lc3MDaqA0T7v8Z
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: darkcomet
ID (campaign identifier shown in the controller): Guest16_min
C2: iloverats12.no-ip.biz:5468 (dynamic-DNS hostname, TCP port 5468)
Mutex: DCMIN_MUTEX-3DXPTA4
gencode: ji9E7fZNtWow
install: false
offline_keylogger: true
persistence: false
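A detection-side use of the extracted configuration above, written as an added example and not part of the sandbox report or of any vendor's tooling. It turns the report's indicators (the C2 host and port, the mutex name, the SHA256) into a matcher and runs it over a small set of constructed telemetry events. The `key=value` event format, the host names, the timestamps and the indicator weights are all assumptions made for this example; the generic `DC_MUTEX-` / `DCMIN_MUTEX-` pattern is included because DarkComet builds name their mutex that way, so it goes beyond this one sample. A lone destination-port match is deliberately scored too low to alert on its own, since 5468 is not reserved for anything.

```python
"""IOC matcher for the DarkComet configuration extracted in this report.

Added example, not part of the sandbox report. The event format is a
constructed key=value line (not any real product's log format); indicator
values are copied from the report's Malware Config and hash sections.
"""
import re
from collections import defaultdict

# Indicators from this page's extracted config and hashes.
C2_HOST = "iloverats12.no-ip.biz"
C2_PORT = 5468
MUTEX = "DCMIN_MUTEX-3DXPTA4"
SHA256 = "229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715"

# DarkComet names its mutex DC_MUTEX-<id> or DCMIN_MUTEX-<id>; the family-level
# pattern catches other builds, not only this sample's id.
MUTEX_RE = re.compile(r"^DC(?:MIN)?_MUTEX-[A-Z0-9]{4,10}$")

# Assumed weights: hash and mutex are near-certain, the dynamic-DNS C2 host is
# strong, a bare destination port is weak (5468 is an ordinary high port).
WEIGHTS = {"sha256": 100, "mutex": 90, "mutex_family": 70, "c2_host": 80, "c2_port": 10}


def parse_event(line):
    """Parse one 'k=v k=v ...' line into a dict (values contain no spaces)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_event(ev):
    """Return the list of indicator names a single event matches."""
    hits = []
    kind = ev.get("type")
    if kind == "dns" and ev.get("query", "").lower().rstrip(".") == C2_HOST:
        hits.append("c2_host")
    elif kind == "network":
        if ev.get("dst_host", "").lower() == C2_HOST:
            hits.append("c2_host")
        if ev.get("dport") == str(C2_PORT):
            hits.append("c2_port")
    elif kind == "mutex":
        name = ev.get("name", "")
        if name == MUTEX:
            hits.append("mutex")
        elif MUTEX_RE.match(name):
            hits.append("mutex_family")
    elif kind == "file" and ev.get("sha256", "").lower() == SHA256:
        hits.append("sha256")
    return hits


def scan(lines, threshold=50):
    """Aggregate hits per host; return {host: (score, sorted hits)} for hosts
    whose summed indicator weight reaches the threshold."""
    per_host = defaultdict(set)
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ev = parse_event(line)
        for hit in match_event(ev):
            per_host[ev.get("host", "?")].add(hit)
    report = {}
    for host, hits in per_host.items():
        score = sum(WEIGHTS[h] for h in hits)
        if score >= threshold:
            report[host] = (score, sorted(hits))
    return report


# Constructed sample telemetry for the example (not from the sandbox run).
SAMPLE_LOG = """
# type is one of file, mutex, dns, network; one event per line
ts=2022-11-26T08:00:01Z host=WS01 type=file sha256=229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715 path=C:\\Users\\u\\Downloads\\invoice.exe
ts=2022-11-26T08:00:02Z host=WS01 type=mutex name=DCMIN_MUTEX-3DXPTA4
ts=2022-11-26T08:00:03Z host=WS01 type=dns query=iloverats12.no-ip.biz
ts=2022-11-26T08:00:04Z host=WS01 type=network dst_host=iloverats12.no-ip.biz dport=5468
ts=2022-11-26T08:05:00Z host=WS02 type=mutex name=DC_MUTEX-F54S21Y
ts=2022-11-26T08:06:00Z host=WS03 type=network dst_host=backup.example.net dport=5468
ts=2022-11-26T08:07:00Z host=WS04 type=dns query=www.example.com
"""

if __name__ == "__main__":
    for host, (score, hits) in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        print(f"{host}: score={score} hits={','.join(hits)}")
```

On the constructed input, WS01 is flagged on every indicator, WS02 is flagged on the family-level mutex pattern alone (a different DarkComet build), and WS03's port-only match stays below the threshold, which is the intended behaviour for a port that legitimate software may also use.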
Targets
Target: 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
Size: 2.7MB
MD5: 73b640feaa707f1db67d8bbce19cf704
SHA1: ade33c18143d000a08971cd18d8e874284e14a9e
SHA256: 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
SHA512: 3209cc9189f92e8161a9b68e0eba3b99f54eb274ad95fd5b97f674713bfad50f3e550dc5ef11b9772d07e28ac8b80003dafe487e43c40595de3aeb0638b53d4b
SSDEEP: 49152:rJZoQrbTFZY1iaDRwEYUbN9+qzA7LMD/Cqp+IH8LQaddDkG+d139q4cxpUuas:rtrbTA1BwJUb7lc3MDaqA0T7v8Z
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application. Note that the extracted DarkComet config has install and persistence set to false, so this Run key is most likely written by the outer AutoIT wrapper rather than by the RAT payload's own installer.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext: commonly associated with injecting a payload into a suspended process (process hollowing), which fits an AutoIT wrapper carrying the DarkComet payload.