General
- Target: a298d3c6875b0feb8e46237e58770c05
- Size: 853KB
- Sample: 240224-yf249acg78
- MD5: a298d3c6875b0feb8e46237e58770c05
- SHA1: 313c0dc74092ecaff11886bd6a46180b060101bc
- SHA256: 11e4ec701aa7a97b97d299575dd92097d3ee52b5851afa6588f4e1220785b18d
- SHA512: cbaaf8aa8d7607856724d573818b01e8e597e3c0891929163b845d6a8bbcf8afaea1287fbf52b6df98984c3681d31611e945ec9463e4cf3cc450cae00a3bba86
- SSDEEP: 12288:Ts98A+JZQQvMWFy2r0bDn5CX9yN1EO3/l3jZxfPgSWUiG9OelJ7y5g:498AiRr0bj5CX9ihl3jZtwUiCvJuu
Static task
- static1

Behavioral task
- behavioral1
- Sample: a298d3c6875b0feb8e46237e58770c05.exe
- Resource: win7-20240221-en
Malware Config
Extracted: darkcomet
- Guest16
- 192.168.0.17:1604
- DC_MUTEX-VKLVSXN
- InstallPath: MSDCSC\msdcsc.exe
- gencode: HZ0miCZbzc76
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: System32dll
Targets
- Target: a298d3c6875b0feb8e46237e58770c05
- Size: 853KB
Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)