General
Target: ab718fcb57351ec5b2f46f0c2c2eef32
Size: 790KB
Sample: 231227-kxsp9aaec4
MD5: ab718fcb57351ec5b2f46f0c2c2eef32
SHA1: d4ef970abfe7690f017e4afb90912697b944f28c
SHA256: 7a2981129e321874b4b884e6b076ad4572c4dda7d79e38dc72631d2cb59b5ddf
SHA512: 275b6d1e1dbf1b7bc8c6c94cb5a5fe24c45fd5c11ef3a86abb05bfdcbffcecd719ddb6194b2e61dd6aa632bcb065da9dd04be6ac6287bac2e068c0c99e16ac91
SSDEEP: 12288:Q/QZSkluwskSefOHr8lh0eY2wo3T6+BgfzZtoj0+hf:QoZ5gwBSefOHIl/g+uUj0Of
Static task: static1
Behavioral task: behavioral1
Sample: ab718fcb57351ec5b2f46f0c2c2eef32.exe
Resource: win7-20231129-en
Malware Config
Extracted family: darkcomet
Infected
C2: 86.105.212.245:7070
Mutex: DC_MUTEX-Q587UYA
InstallPath: MSDCSC\msdcsc.exe
gencode: UwuTNWWTCqdV
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: ab718fcb57351ec5b2f46f0c2c2eef32
Size: 790KB
Behaviours observed:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)