General

Target: 27a57d1fca8d099b7876b56c82c5d88d
Size: 660KB
Sample: 231231-esfbgaagg6
MD5: 27a57d1fca8d099b7876b56c82c5d88d
SHA1: 7ef8df1692fb110fe3adaa3fd94e6b1a483c0244
SHA256: ad3b7f8850afcbe69d1ebc88cfbe86a208fc0620e7a00079ee0e32446c7257f5
SHA512: 15b7213699c19b23ca42be95f7db12cd23e1b67532642072fcdb1bb4246b2c24dec73ac69b01966d5b0135223c1bbf4d29a51435dc973659ebe6efb8c49749e3
SSDEEP: 12288:wX2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/Q0e:2ss2Sm39NNv9wY7tHwbzfIoK6MoG
Behavioral task: behavioral1

Sample: 27a57d1fca8d099b7876b56c82c5d88d.exe
Resource: win7-20231215-en
Malware Config

Extracted: darkcomet
777
mandoo.no-ip.org:3366
DC_MUTEX-7UAXXG6

InstallPath: MSDCSC\msdcsc.exe
gencode: hvljDtRVRRkE
install: true
offline_keylogger: true
password: 1443813678
persistence: true
reg_key: MicroUpdate
Targets

Target: 27a57d1fca8d099b7876b56c82c5d88d
- Modifies WinLogon for persistence
- Adds Run key to start application
-
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)