General
- Target: a795587152419b35c1880ba782688016
- Size: 1.3MB
- Sample: 240226-232zjsaf45
- MD5: a795587152419b35c1880ba782688016
- SHA1: 4701178e52fd1b14ae483dd69a89dd506b6cdfeb
- SHA256: 452d8b86f670b835aad15c6cfc8a318b3ea378de24040e95a917aef4674ccd9d
- SHA512: 1e63e14735f9af1dd94f67a9c0037d500008836f38742063e3e2fedd7fcbdab62447cc8178731d8c5380a45721a722da1697f15c62e082f1be54ab8894f4884e
- SSDEEP: 24576:iQg65nDiUy93pcpA/7ymBGDEIda6VXj4a2f9v4zmgQnkYag5Hom5pzvnenYEs:iQgMXy95uAToEIda6eag4zmIYaeHtpyi
Static task
- static1
Behavioral task
- behavioral1
  - Sample: a795587152419b35c1880ba782688016.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: a795587152419b35c1880ba782688016.exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted
- Family: darkcomet
- Botnet ID: Guest16
- C2: colorlife.no-ip.biz:1604
- Mutex: DC_MUTEX-PZSNDRX
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Z4l2FD0l43nV
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: a795587152419b35c1880ba782688016
  - Size: 1.3MB
  - MD5: a795587152419b35c1880ba782688016
  - SHA1: 4701178e52fd1b14ae483dd69a89dd506b6cdfeb
  - SHA256: 452d8b86f670b835aad15c6cfc8a318b3ea378de24040e95a917aef4674ccd9d
  - SHA512: 1e63e14735f9af1dd94f67a9c0037d500008836f38742063e3e2fedd7fcbdab62447cc8178731d8c5380a45721a722da1697f15c62e082f1be54ab8894f4884e
  - SSDEEP: 24576:iQg65nDiUy93pcpA/7ymBGDEIda6VXj4a2f9v4zmgQnkYag5Hom5pzvnenYEs:iQgMXy95uAToEIda6eag4zmIYaeHtpyi
Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)
- Persistence
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (1)
    - Winlogon Helper DLL (1)