General
-
Target
aec5792af7af331e9f4202eac9bffec4949315426d5664b4bec4b92ef9d852ce
-
Size
3.3MB
-
Sample
221128-gjyskaef5y
-
MD5
33cfb8a961ff5d36d4ccaa08a6c62d65
-
SHA1
530dd18398d48e0976561e4a0b099e7f20f05ec6
-
SHA256
aec5792af7af331e9f4202eac9bffec4949315426d5664b4bec4b92ef9d852ce
-
SHA512
87ee7154b678715fe1f669e1cff8b570eccccda6e5ebb0b21dcbc6202aab1eaff3eb0c0f5b38153f8f848f17596afd6b58e79b8415459c7c3ac90e59119f8b5c
-
SSDEEP
49152:gFpRSE2HtYhiLeCCEbaOWhxbgGzH97Z4a3syCyyIPo:cRSxHtWYCEbaOWhxbgy7tsnco
Static task
static1
Behavioral task
behavioral1
Sample
aec5792af7af331e9f4202eac9bffec4949315426d5664b4bec4b92ef9d852ce.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Hardcore
darkcometi.no-ip.biz:1604
DC_MUTEX-F54S21D
-
gencode
oLPNrCVEbNtk
-
install
false
-
offline_keylogger
true
-
password
topfun3814
-
persistence
false
Targets
-
Target
aec5792af7af331e9f4202eac9bffec4949315426d5664b4bec4b92ef9d852ce
-
Size
3.3MB
-
MD5
33cfb8a961ff5d36d4ccaa08a6c62d65
-
SHA1
530dd18398d48e0976561e4a0b099e7f20f05ec6
-
SHA256
aec5792af7af331e9f4202eac9bffec4949315426d5664b4bec4b92ef9d852ce
-
SHA512
87ee7154b678715fe1f669e1cff8b570eccccda6e5ebb0b21dcbc6202aab1eaff3eb0c0f5b38153f8f848f17596afd6b58e79b8415459c7c3ac90e59119f8b5c
-
SSDEEP
49152:gFpRSE2HtYhiLeCCEbaOWhxbgGzH97Z4a3syCyyIPo:cRSxHtWYCEbaOWhxbgy7tsnco
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext