General
Target: a3f36a4527abd8e1bd4dcf0185d76c5b6715cbf7d02ea17c72decf5c4e42e74d
Size: 302KB
Sample: 240518-br42nade3v
MD5: c612ab5b8fd7121be5de86f236165256
SHA1: 8ae7f79d06378c6ae313905ac81454088a9b7b8f
SHA256: a3f36a4527abd8e1bd4dcf0185d76c5b6715cbf7d02ea17c72decf5c4e42e74d
SHA512: b9bffc385abc999e5d3f1d3d643d4771113deb98b685f92885960a524cf5b652298274038ff441ccec7b29f536ccb17c2da051c54d8c6db569ae0b62c95d1cfe
SSDEEP: 6144:tljew4Hr0L0tSldQqzCXkg5dbI+YyUjI7ODNol012jW71w8:CprbtQdNC0EbPYyUj9OqZ7j
Static task: static1
Behavioral task: behavioral1
Sample: a3f36a4527abd8e1bd4dcf0185d76c5b6715cbf7d02ea17c72decf5c4e42e74d.exe
Resource: win7-20240220-en
Malware Config
Extracted: darkcomet
Andrei
andreibgg.sytes.net:27050
DC_MUTEX-HGAV3Q6
gencode: S0X2ru4blbmE
install: false
offline_keylogger: true
persistence: false
Targets
Target: a3f36a4527abd8e1bd4dcf0185d76c5b6715cbf7d02ea17c72decf5c4e42e74d
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext