General
-
Target
6cdbdd6aafe20b82c8fd000181386e90
-
Size
309KB
-
Sample
240121-kmsbqsace7
-
MD5
6cdbdd6aafe20b82c8fd000181386e90
-
SHA1
0f43318e1b505b7810e8684c7a2f900d39a70098
-
SHA256
a6fcef7f8c8fabeff5a2423aacef205611003a8481c47a238ab32683784909c3
-
SHA512
9d28a5a4d6ebb375655075f9ea870ade5385354725252c9070967908f6c59958920d7ab4f201ad34b9527364e0191d92c14a7b8926f00a14cfb43cbab57d9d9f
-
SSDEEP
6144:kbl2MQpS9cX5punAqosfrVzbN/2W3gt53uLEmmpK44YFNxQ2SYc:kb01EapjqdN/LS5+LE1pK44YLnY
Behavioral task
behavioral1
Sample
6cdbdd6aafe20b82c8fd000181386e90.exe
Resource
win7-20231129-en
Malware Config
Extracted
darkcomet
chi
cute.no-ip.org:1604
DC_MUTEX-AQVMBA6
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
uHpjeDbE2NpN
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
6cdbdd6aafe20b82c8fd000181386e90
-
Size
309KB
-
MD5
6cdbdd6aafe20b82c8fd000181386e90
-
SHA1
0f43318e1b505b7810e8684c7a2f900d39a70098
-
SHA256
a6fcef7f8c8fabeff5a2423aacef205611003a8481c47a238ab32683784909c3
-
SHA512
9d28a5a4d6ebb375655075f9ea870ade5385354725252c9070967908f6c59958920d7ab4f201ad34b9527364e0191d92c14a7b8926f00a14cfb43cbab57d9d9f
-
SSDEEP
6144:kbl2MQpS9cX5punAqosfrVzbN/2W3gt53uLEmmpK44YFNxQ2SYc:kb01EapjqdN/LS5+LE1pK44YLnY
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1