General
Target: e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80
Size: 611KB
Sample: 221203-dy1c6aah55
MD5: 5c898dd2bc147ffad06ac8362d13614c
SHA1: 8f8fc1e81ee69b12a06e256d7f0cdceea54d25dd
SHA256: e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80
SHA512: fcfb8dca28fe47b61f2b201ce160854a3c865aa0f049020a2e741df271772d3e0fd71ebb30fa85d2ad80bc3c0dc0c57183a977f5f4082afc4c240c9d6b06b650
SSDEEP: 12288:LTqSnzWHA+m3S0fapaJehb2qTvxpGrLRRWDyw4tw+Unzyn6PPr:/qSn4mCSJS1v7GPUz4tYun6n

Static task: static1
Behavioral task: behavioral1
Sample: e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80.exe
Resource: win7-20220812-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16
C2 addresses:
- 127.0.0.1:1604
- 192.168.1.7:1604
- 87.212.172.69:1604
- rattedmyfriend.no-ip.biz:8003
Mutex: DC_MUTEX-E5UH45R
gencode: 61lo22hTYh4s
install: false
offline_keylogger: true
persistence: false
Targets
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext