General

Target: 68e9767a80e49cdbca8e6d8cb26867aa
Size: 3.9MB
Sample: 240119-3heh7agaf6
MD5: 68e9767a80e49cdbca8e6d8cb26867aa
SHA1: b6125fdec846e62cde9d65b6af224d9495cd190d
SHA256: f91fa2953c6f7d35429a38ff474e1345da76a29c7a90c1c9b9380d9b09d8eead
SHA512: 510f4a2d309a3fdbcf40e4652b7ad5402a57fd11bd03a4966fb66c0ecf6ce49c93680d49a18afa99cc31871ac0381ccb64bc39d912f2c16d7f43161042cf7220
SSDEEP: 98304:fnsmtk2aqEIPmLgtC47Ik66NWtZdtzJ9RLkC3COU:vLG8mcA+IJpDV3M
Static task: static1
Behavioral task: behavioral1
Sample: 68e9767a80e49cdbca8e6d8cb26867aa.exe
Resource: win7-20231215-en
Malware Config

Extracted: darkcomet
Main
C2: whp.sytes.net:1157
Mutex: DC_MUTEX-Z0KBHP5
InstallPath: MSDCSC\main.exe
gencode: 6SFPopLHSquT
install: true
offline_keylogger: true
password: 123
persistence: true
reg_key: main
Targets

Target: 68e9767a80e49cdbca8e6d8cb26867aa (3.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Modifies WinLogon for persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
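The extracted config (C2 host and port, mutex, install path, Run key name) and the behavioral signatures above are the raw material for host detections. The Python below is an added example, not Triage output and not DarkComet code: it turns those values into indicator checks, runs them over constructed Sysmon-style events, and compares a file's digests with the report's hashes. The exact registry paths behind the VirtualBox/BIOS/Wine signatures, the Winlogon Userinit value, and the Documents-folder base for MSDCSC\main.exe are assumptions made for the example; the report names the checks, not the keys.

```python
"""Added example (not from the Triage report or DarkComet): indicator checks
built from the extracted config, run over constructed Sysmon-style events."""
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass

# Values copied verbatim from the report's "Malware Config" and hash sections.
CONFIG = {
    "c2_host": "whp.sytes.net",
    "c2_port": 1157,
    "mutex": "DC_MUTEX-Z0KBHP5",
    "install_path": r"MSDCSC\main.exe",
    "reg_key": "main",
}
REPORT_HASHES = {
    "md5": "68e9767a80e49cdbca8e6d8cb26867aa",
    "sha1": "b6125fdec846e62cde9d65b6af224d9495cd190d",
    "sha256": "f91fa2953c6f7d35429a38ff474e1345da76a29c7a90c1c9b9380d9b09d8eead",
}

# Registry locations behind the "VirtualBox via ACPI", "BIOS information" and
# "Wine" signatures. ASSUMPTION: the report names the checks, not these keys.
ANTI_ANALYSIS_KEYS = (
    re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\SystemBios", re.I),
    re.compile(r"\\Software\\Wine$", re.I),
)


@dataclass(frozen=True)
class Event:
    kind: str        # "process", "registry", "mutex" or "network"
    target: str      # image path, registry key\value, mutex name, or host:port
    data: str = ""   # registry data for "registry" events


def _path_tail_matches(path: str, tail: str) -> bool:
    return path.lower().endswith(tail.lower())


def classify(ev: Event) -> list[str]:
    """Return the indicator names an event satisfies (empty list if none)."""
    hits: list[str] = []
    install = CONFIG["install_path"].lower()
    if ev.kind == "network":
        host, _, port = ev.target.rpartition(":")
        if host.lower() == CONFIG["c2_host"] or port == str(CONFIG["c2_port"]):
            hits.append("c2_connection")
    elif ev.kind == "mutex" and ev.target == CONFIG["mutex"]:
        hits.append("darkcomet_mutex")
    elif ev.kind == "process" and _path_tail_matches(ev.target, CONFIG["install_path"]):
        hits.append("dropped_exe_executed")
    elif ev.kind == "registry":
        key = ev.target.lower()
        # "Adds Run key": ...\CurrentVersion\Run\<reg_key> pointing at the dropped EXE.
        if key.endswith("\\currentversion\\run\\" + CONFIG["reg_key"]) and install in ev.data.lower():
            hits.append("run_key_persistence")
        # "Modifies WinLogon": ASSUMPTION that Userinit or Shell is the value touched.
        if re.search(r"\\winlogon\\(userinit|shell)$", key) and install in ev.data.lower():
            hits.append("winlogon_persistence")
        if any(p.search(ev.target) for p in ANTI_ANALYSIS_KEYS):
            hits.append("anti_analysis_registry_read")
    return hits


def triage(events) -> dict[str, list[Event]]:
    """Group events by indicator name; only indicators with a hit appear."""
    found: dict[str, list[Event]] = {}
    for ev in events:
        for name in classify(ev):
            found.setdefault(name, []).append(ev)
    return found


def matches_report(data: bytes) -> dict[str, bool]:
    """Compare a file's digests with the report's MD5/SHA1/SHA256, per algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() == expected
            for alg, expected in REPORT_HASHES.items()}


# Constructed events modelled on Sysmon process/registry logging; not from the sandbox run.
# ASSUMPTION: the install path is resolved under the user's Documents folder.
SAMPLE_EVENTS = [
    Event("registry", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("registry", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event("registry", r"HKCU\Software\Wine"),
    Event("process", r"C:\Users\victim\Documents\MSDCSC\main.exe"),
    Event("mutex", "DC_MUTEX-Z0KBHP5"),
    Event("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\main",
          r"C:\Users\victim\Documents\MSDCSC\main.exe"),
    Event("registry", r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
          r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\main.exe"),
    Event("network", "whp.sytes.net:1157"),
    Event("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "1"),
]

if __name__ == "__main__":
    for name, evs in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
```

The Run key and Winlogon rules require the value data to contain the configured install path, so a legitimate Run entry named "main" does not fire; the anti-analysis rule matches on key reads alone, since the signatures above only assert that the keys were queried.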
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)