General

Target: 82dca3c497740155201cc439e429daca
Size: 1.6MB
Sample: 231226-wqpkssdecj
MD5: 82dca3c497740155201cc439e429daca
SHA1: 1140867caf5154b1643fc820a134254d6f7714b2
SHA256: da7997129263f41228f9bb5871d5cd89729bfe28e4bde1e3252fd3d5bed8523c
SHA512: 321c19525f1a2b04d2f74537a632c336ad440cbe19ab915b8b3602357b2352e4a91e88d451f0b90c26ce21aaad72fb09a79d400afa7e937c56397f115164b7de
SSDEEP: 24576:BKOM/uMQP600sErXzeeEqe9BXbSd90D0LcrBQgDON4PO/zFd2AynlN:C/uMQ90brjeeTAX6/gyN4W/zFd2
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 82dca3c497740155201cc439e429daca.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 82dca3c497740155201cc439e429daca.exe
  Resource: win10v2004-20231215-en
Malware Config (extracted)

Family: darkcomet
Campaign ID: Sazan
C2: laz22.duckdns.org:2222
Mutex: DC_MUTEX-4UDC91U

Attributes:
- InstallPath: DiscordCrash\DiscordCrash.exe
- gencode: lPgqdPijmdCo
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: DiscordCrash
Targets

Target: 82dca3c497740155201cc439e429daca
Size: 1.6MB
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)