General
-
Target
82534de56cd3119a15d6a90c454655dcf067f2b53bcd7d81c980660b3d63a2d4
-
Size
1.4MB
-
Sample
221202-1ax98aae3x
-
MD5
c160cd6bca4c3830a6724e9025679917
-
SHA1
490377dd2e7b4ac5a3beb76aeb8d4ccbe2a5a3c7
-
SHA256
82534de56cd3119a15d6a90c454655dcf067f2b53bcd7d81c980660b3d63a2d4
-
SHA512
e40ea4781822eea6118c46f5b8dc6c11ef2bb9cccbd2a283f31dfa35c1a81654ee263867eba27637f584e70289d17293c617b270ebbdf20b295e146b5dd4fbeb
-
SSDEEP
24576:Gg7XAzwtfPsTlwpF3DYpdhupEZF/FtKddBXjpOlu/c5Sg7VP5o6/pFxH:f7XAzwtfc2pDYA67KdxOlu/c5SiN6aBH
Static task
static1
Behavioral task
behavioral1
Sample
82534de56cd3119a15d6a90c454655dcf067f2b53bcd7d81c980660b3d63a2d4.exe
Resource
win7-20221111-en
Malware Config
Extracted
darkcomet
Server
lifefornoobs.no-ip.org:23697
9485kM24
-
gencode
cKpULmvnfG1r
-
install
false
-
offline_keylogger
true
-
password
123123
-
persistence
false
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-