General
Target: 43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09
Size: 1.1MB
Sample: 240314-xsr95scd8v
MD5: 8cae7b7712c8db2a4896e15635953d93
SHA1: aa362e6fb974dd0d2e0322d3c9c076c842765823
SHA256: 43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09
SHA512: f5f83ab8fd44c08d2c33b3bd8a1197737fdcda03985acdd218f414cfd40359257cf4df3f7c62a8ad435c983fcd9445a45dd9d3fef8d7e3bad521f3493d478e8d
SSDEEP: 24576:9Z1xuVVjfFoynPaVBUR8f+kN10EdcESg2WfrG31X:HQDgok30bESg9frGX
Behavioral task
behavioral1
Sample: 43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09.exe
Resource: win7-20240215-en

Malware Config
Extracted
darkcomet
Guest16
46.148.21.34:3128
DC_MUTEX-5NGFKSE
InstallPath: MSDCSC\msdcsc.exe
gencode: 5KiVbE9BkMJo
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
- Modifies WinLogon for persistence
- Modifies security service
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)