General
-
Target
İcespoofer®.exe
-
Size
266KB
-
Sample
240119-n9hbtsdebk
-
MD5
5fe7370d405c4a98bc87e031d28baccb
-
SHA1
49f14dceb36ab66cb78111e9f7fa5b763d949555
-
SHA256
07fda6f39b01914b60f2843c52a0671bdbdf6db2ec9732b8701c29b4e98a27ff
-
SHA512
6d4c27de20a1020e3f68aa7e9820aab4209d90d6e5bf9a0254bf15e167033bdcfaf2c00b08b37c426008da74dba495e0277d59f589bb9dc042e559c2a0f3f7f2
-
SSDEEP
6144:EcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37M:EcW7KEZlPzCy37
Behavioral task
behavioral1
Sample
İcespoofer®.exe
Resource
win7-20231215-en
Malware Config
Extracted
darkcomet
Kurban
tr3.localto.net:45797
DC_MUTEX-BAXXEKF
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
K6r5XHNMqZyt
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Windows Health Services
Targets
-
-
Target
İcespoofer®.exe
-
Size
266KB
-
MD5
5fe7370d405c4a98bc87e031d28baccb
-
SHA1
49f14dceb36ab66cb78111e9f7fa5b763d949555
-
SHA256
07fda6f39b01914b60f2843c52a0671bdbdf6db2ec9732b8701c29b4e98a27ff
-
SHA512
6d4c27de20a1020e3f68aa7e9820aab4209d90d6e5bf9a0254bf15e167033bdcfaf2c00b08b37c426008da74dba495e0277d59f589bb9dc042e559c2a0f3f7f2
-
SSDEEP
6144:EcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37M:EcW7KEZlPzCy37
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2