General
Target: d89778041a76276bc376228884e174870f324b87ff00360a67deea48f8fd97ba
Size: 944KB
Sample: 221130-wnbk6afc9t
MD5: f9d6a5ea6556afa9e5009c07e6b0e693
SHA1: 6bb7bbeed3c7a8439c8736186dfee27ce0c3970b
SHA256: d89778041a76276bc376228884e174870f324b87ff00360a67deea48f8fd97ba
SHA512: e86b8f13fbbfeb1420a8ab202b4895ab36813dd8e095830322381743e16f80c3c35ffde3b87825d1f1b3dfa7653dcb9adc757b3db5297593b5d61e56c72af29d
SSDEEP: 24576:f2O/GlGy2sKbLa/9ADIW9uBEwwmxhKbH3rUO46Gr3:z8V3XBpwmxUT3iD
Static task: static1
Behavioral task: behavioral1
Sample: d89778041a76276bc376228884e174870f324b87ff00360a67deea48f8fd97ba.exe
Resource: win7-20221111-en
Malware Config
Extracted
darkcomet
olembe
grace2018.duckdns.org:1907
DCMIN_MUTEX-Z7Y73WP
gencode: 9ru4AwRuQGQl
install: false
offline_keylogger: true
persistence: false
Targets
Target: d89778041a76276bc376228884e174870f324b87ff00360a67deea48f8fd97ba
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext