General
-
Target
cdca6cf1adac7a1b0e924e6588b9e096
-
Size
699KB
-
Sample
240316-l86xpagh2v
-
MD5
cdca6cf1adac7a1b0e924e6588b9e096
-
SHA1
1f0be53bbda5739eea99a8bce2f7602e17ff269e
-
SHA256
c9b37efc16b190f11f7607ace2a8f5b60639b716a72321fc3aada925c53aa7ed
-
SHA512
cfccc676c2808c4461846253fc44dd6cc46a7358357822863f967e5e1b1badb51052e4aefa2f9f371d92661be9de01739a33d3da5eae556f66feb1ad79f5a0a3
-
SSDEEP
12288:vsOW6Q4OWz9h8T+t7bzyHew18LpuVKxTlQrrq+3r5VuGBBNjZfRzV:hW6VXRhVbzyfyR0qMXNjBRZ
Static task
static1
Behavioral task
behavioral1
Sample
cdca6cf1adac7a1b0e924e6588b9e096.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
Guest16
185.113.208.205:1604
DC_MUTEX-UCGJZEA
-
InstallPath
NvidiaGraphicSys.exe
-
gencode
Hdnr2tMwrvAj
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Nvidia Graphics
Targets
-
-
Target
cdca6cf1adac7a1b0e924e6588b9e096
-
Size
699KB
-
MD5
cdca6cf1adac7a1b0e924e6588b9e096
-
SHA1
1f0be53bbda5739eea99a8bce2f7602e17ff269e
-
SHA256
c9b37efc16b190f11f7607ace2a8f5b60639b716a72321fc3aada925c53aa7ed
-
SHA512
cfccc676c2808c4461846253fc44dd6cc46a7358357822863f967e5e1b1badb51052e4aefa2f9f371d92661be9de01739a33d3da5eae556f66feb1ad79f5a0a3
-
SSDEEP
12288:vsOW6Q4OWz9h8T+t7bzyHew18LpuVKxTlQrrq+3r5VuGBBNjZfRzV:hW6VXRhVbzyfyR0qMXNjBRZ
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1