General
Target: 5e859db2003ee7317d904eb76f17fbf92b5029a030419a94ce439368e7c4db15
Size: 708KB
Sample: 221128-xs1aradf7s
MD5: c27c9fb20fd20a8dcf92347c16edff77
SHA1: b5d995518f01a4ded91985bd5b387881d08285cb
SHA256: 5e859db2003ee7317d904eb76f17fbf92b5029a030419a94ce439368e7c4db15
SHA512: 394579ee090ab31dd5e4bca63fa42b1e5724896a31049d1c1e544737d21f2954cf044190860b016573322632274443133df6e72c39d690cc876cd148f65b3435
SSDEEP: 12288:N9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h:nZ1xuVVjfFoynPaVBUR8f+kN10EB
Behavioral task
behavioral1
Sample
5e859db2003ee7317d904eb76f17fbf92b5029a030419a94ce439368e7c4db15.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Guest16
testhost1.sytes.net:5512
DC_MUTEX-2QZS2FP
gencode: Z7L89T4eGqM5
install: false
offline_keylogger: true
password: 8520
persistence: false
Extracted
njrat
0.7d
HacKed
testhost1.sytes.net:1177
56a6d4f2e6d1ec5213892d7d8674d7f1
reg_key: 56a6d4f2e6d1ec5213892d7d8674d7f1
splitter: |'|'|
Targets
-
-
Target
5e859db2003ee7317d904eb76f17fbf92b5029a030419a94ce439368e7c4db15
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-