General
  Target: loader.exe
  Size: 6.6MB
  Sample: 240403-lvkgjabg4w
  MD5: 7ccb67211d3217bf81a5cba6646aa71e
  SHA1: 41ae6435dc0872ebffb2377175eac043c75aa47b
  SHA256: 4a6d7294cd902595eddc8888ef313abf4839b766e5aa3a7e1f7932396862ddc7
  SHA512: 91e1e343ef88167847f636cf90aa2aac9cd9c82520f4c4d3cffca072703f8067ec964f62b08a76a6f8350330a21ac8c7306b5cb603d0a8fef0353c47c1b5f43d
  SSDEEP: 98304:MQU/vazHb9LcFW5ifLq9yigKhlQUxqXR68lY2mzEn/HH3MW:MQqqiipQUxqXm2mzI/HXMW

Malware Config
  Extracted
    darkcomet
    Guest16
    23.27.245.112:443
    DC_MUTEX-5SPHHX7
    gencode: HqxpjeTgUiwn
    install: false
    offline_keylogger: true
    persistence: false

Targets
  Target: loader.exe
  Size: 6.6MB
  MD5: 7ccb67211d3217bf81a5cba6646aa71e
  SHA1: 41ae6435dc0872ebffb2377175eac043c75aa47b
  SHA256: 4a6d7294cd902595eddc8888ef313abf4839b766e5aa3a7e1f7932396862ddc7
  SHA512: 91e1e343ef88167847f636cf90aa2aac9cd9c82520f4c4d3cffca072703f8067ec964f62b08a76a6f8350330a21ac8c7306b5cb603d0a8fef0353c47c1b5f43d
  SSDEEP: 98304:MQU/vazHb9LcFW5ifLq9yigKhlQUxqXR68lY2mzEn/HH3MW:MQqqiipQUxqXm2mzI/HXMW

  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Obfuscated with Agile.Net obfuscator
    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.