General

Target: a6969b2e391455b3131e023910776904
Size: 742KB
Sample: 240226-rwg1pagc94
MD5: a6969b2e391455b3131e023910776904
SHA1: 1ba26e45966d81346e4d12a0941414bb8229f55c
SHA256: 6dc2ef37a86f15cf2a29ca9aeb21a18a692875633716d002c184fc461befb27d
SHA512: dc34edbade37150cd9c63a790670f2b21a8a43b60b302adc5d881ab8b0dd68d5e71c7b3bc4282d7e0bcaf6744ad03f44b54d734ec92a02c918aaa60dfa502761
SSDEEP: 12288:+y+opEZPrpfrnmqO8r/d7venrgAwDoikPJkYASdzKF/yl+beS3wpgkack5D2Zn7R:bOPrpfrmqZpbuMDUZA+c/7Z5qZ7kCIWp
Static task: static1
Behavioral task: behavioral1 (sample a6969b2e391455b3131e023910776904.exe, resource win7-20240221-en)
Malware Config

Extracted family: darkcomet
Botnet: Latest
C2: fooroeling.zapto.org:1604, strullerool.zapto.org:1604
Mutex: DC_MUTEX-WQSL928
InstallPath: FileManaging.exe
gencode: wKrptZU3QHh3
install: true
offline_keylogger: true
persistence: true
reg_key: Update

Both C2 hostnames are No-IP dynamic-DNS names (zapto.org) on DarkComet's default port 1604, so the resolved IPs are only meaningful for the detonation window; pivot on the hostnames and the mutex rather than on addresses. With install and persistence enabled, the server copies itself to InstallPath and re-registers its autostart entry; reg_key is the value name ("Update") it writes under the Run key, which is what the Run-key signature below picks up.
Targets

Target: a6969b2e391455b3131e023910776904 (742KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies WinLogon for persistence: the Winlogon Userinit/Shell values are altered so the implant is launched at logon (ATT&CK T1547.004).
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET compiler shipped with the framework, is started; this signed Microsoft binary is a common hollowing host for crypters, so the launch itself is the indicator, not the compiler.
- Adds Run key to start application: consistent with the config's reg_key value "Update" (ATT&CK T1547.001).
- Suspicious use of SetThreadContext: combined with the vbc.exe launch this is the RunPE/process-hollowing pattern (write the payload into a suspended process, reset its main thread context, resume), which is how a packed DarkComet server typically unpacks in memory.
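The config and signatures above reduce to a handful of host and network indicators (C2 hostnames and port, mutex, InstallPath file name, Run-key value name, Winlogon value tampering). The following Python is an added example, not part of the report or of any sandbox tooling: it encodes those indicators as rules and runs them over a small set of constructed Sysmon-style events. The event schema, SID, file paths and IP addresses are assumptions invented for the demonstration; only the IOC constants come from the report.

```python
import re
from dataclasses import dataclass

# Indicators taken verbatim from the extracted DarkComet config above.
C2_HOSTS = {"fooroeling.zapto.org", "strullerool.zapto.org"}
C2_PORT = 1604
MUTEX = "DC_MUTEX-WQSL928"
INSTALL_FILENAME = "FileManaging.exe"   # InstallPath
RUN_VALUE_NAME = "Update"               # reg_key

# Registry locations the two persistence signatures refer to.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\(?P<value>[^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(?P<value>Userinit|Shell)$", re.I)
WINLOGON_LEGIT = {"userinit.exe", "explorer.exe"}   # the only binaries that belong in Userinit/Shell


@dataclass(frozen=True)
class Finding:
    rule: str
    event_index: int
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"')


def match_event(idx: int, ev: dict) -> list[Finding]:
    """Apply every IOC rule to one event; returns zero or more findings."""
    out = []
    kind = ev.get("type")
    if kind == "registry_set":
        target, data = ev["target"], ev.get("data", "")
        m = RUN_KEY_RE.search(target)
        if m:
            hits = []
            if m.group("value").lower() == RUN_VALUE_NAME.lower():
                hits.append("value name matches reg_key")
            if _basename(data).lower() == INSTALL_FILENAME.lower():
                hits.append("data points at the InstallPath binary")
            if hits:
                out.append(Finding("run_key_persistence", idx, "; ".join(hits)))
        m = WINLOGON_RE.search(target)
        if m:
            # Anything appended to Userinit/Shell beyond the stock binaries is a logon hijack.
            extra = [p for p in data.split(",") if p and _basename(p).lower() not in WINLOGON_LEGIT]
            if extra:
                out.append(Finding("winlogon_helper_persistence", idx, f"{m.group('value')} gained {extra}"))
    elif kind == "dns_query":
        if ev["query"].lower().rstrip(".") in C2_HOSTS:
            out.append(Finding("c2_domain", idx, ev["query"]))
    elif kind == "network_connect":
        host = ev.get("dst_host", "").lower()
        if host in C2_HOSTS:
            out.append(Finding("c2_connect", idx, f"{host}:{ev['dst_port']}"))
        elif ev.get("dst_port") == C2_PORT:
            # Port alone is weak evidence (dynamic DNS, shared default port); flag it as such.
            out.append(Finding("c2_port_only", idx, f"{ev.get('dst_ip')}:{C2_PORT} (weak: port match only)"))
    elif kind == "mutex_create":
        if ev["name"] == MUTEX:
            out.append(Finding("darkcomet_mutex", idx, ev["name"]))
    elif kind == "process_create":
        if _basename(ev["image"]).lower() == INSTALL_FILENAME.lower():
            out.append(Finding("dropped_exe_executed", idx, ev["image"]))
    return out


def scan(events) -> list[Finding]:
    findings = []
    for i, ev in enumerate(events):
        findings.extend(match_event(i, ev))
    return findings


# Constructed telemetry for the demonstration (not from the report); paths, SID and IPs are made up.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\analyst\AppData\Roaming\FileManaging.exe"},
    {"type": "mutex_create", "name": "DC_MUTEX-WQSL928"},
    {"type": "registry_set",
     "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "data": r"C:\Users\analyst\AppData\Roaming\FileManaging.exe"},
    {"type": "registry_set",
     "target": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\analyst\AppData\Roaming\FileManaging.exe"},
    {"type": "dns_query", "query": "fooroeling.zapto.org"},
    {"type": "network_connect", "dst_host": "strullerool.zapto.org", "dst_ip": "203.0.113.10", "dst_port": 1604},
    {"type": "network_connect", "dst_host": "", "dst_ip": "198.51.100.7", "dst_port": 1604},
    {"type": "registry_set",   # benign Run entry, must not fire
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\analyst\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] event #{f.event_index}: {f.detail}")
```

The Winlogon rule deliberately keys on the value's contents rather than on the implant's file name, because the hijack survives a rename of the dropped binary while an extra entry in Userinit or Shell never looks legitimate. The port-only rule is kept separate and labelled weak so it can be given a lower score in whatever backend consumes the findings.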
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1