General

Target: ce6de8599b565fddf67ee026ee4bc285
Size: 232KB
Sample: 240316-s6mvcsfh73
MD5: ce6de8599b565fddf67ee026ee4bc285
SHA1: a6045faafaecb660b65d45759b13a38ea2a7ce23
SHA256: 427f8b826a8cc9e9059fcd956636a37a6aab8a3162b1ad1a3cc24752f6e8f351
SHA512: 192e3ce197a090904d5e3838eb411e38097c20d5d7efbc6d055140fcc88e0a4cef78293e8c1c9c8abaeec55f075e17456e7607b7eaad1ed3b87866aa648d2a71
SSDEEP: 3072:SNztnBlBp9ALvNKMKWqXs8NqU+xwDbUe2WpZJmXHB8zrYqHphTfBsbOEU0+rDGLh:SNJfRAzNK5W/1WRmR4r7JhuyE8wPQ
Static task: static1
Behavioral task: behavioral1
Sample: ce6de8599b565fddf67ee026ee4bc285.exe
Resource: win7-20240221-en
Malware Config

Extracted: darkcomet
Campaign ID: Guest16
C2: trackingservice.zapto.org:1604
Mutex: DC_MUTEX-Q0QBNJA
InstallPath: Windupdt\winupdate.exe
gencode: ujn2qDPvmCGP
install: true
offline_keylogger: true
persistence: true
reg_key: winupdater

Extracted: latentbot
C2: trackingservice.zapto.org

Notes on the config: the C2 is a dynamic DNS hostname (zapto.org is a No-IP domain), so the resolved address changes over time and the hostname plus port are the stable indicators; 1604 is DarkComet's default listening port, and DC_MUTEX-<id> is the mutex naming convention the DarkComet builder uses. InstallPath is a path relative to a base folder chosen at build time; the report shows only the relative part. The latentbot extraction carries nothing beyond the same hostname, so every other field above comes from the darkcomet extractor.
Targets

Target: ce6de8599b565fddf67ee026ee4bc285
Size: 232KB
Hashes: identical to those listed under General above (MD5, SHA1, SHA256, SHA512, SSDEEP).
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (an API used to redirect a thread's execution, commonly seen in process injection and hollowing)
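The extracted config and the persistence and tamper signatures above translate directly into host checks. The PowerShell script below is an added example, not part of the sandbox report and not DarkComet tooling: it takes the Run-key value name, relative install path, mutex and C2 host/port from the config block and looks for each on a live Windows host. The registry paths, the candidate base folders tried for InstallPath (the report gives only the relative path), the EnableFirewall values checked, and the dclogs keylog folder are assumptions drawn from standard Windows locations and commonly reported DarkComet behaviour, not from this report.

```powershell
# Added example (not from the report): hunt a live Windows host for the artefacts the
# sandbox attributed to this sample. IOC values come from the extracted config above;
# registry paths, base folders and the dclogs location are assumptions, not report data.
$Ioc = @{
    RegKeyName  = 'winupdater'               # reg_key: expected Run value name
    InstallPath = 'Windupdt\winupdate.exe'   # InstallPath: relative, base folder not in report
    Mutex       = 'DC_MUTEX-Q0QBNJA'
    C2Host      = 'trackingservice.zapto.org'
    C2Port      = 1604
}
$findings = New-Object System.Collections.Generic.List[string]

# 1. Run keys ("Adds Run key to start application"): match on value name or on the install path.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath provider metadata
        if ($p.Name -eq $Ioc.RegKeyName -or "$($p.Value)" -like "*$($Ioc.InstallPath)*") {
            $findings.Add("Run value $key\$($p.Name) = $($p.Value)")
        }
    }
}

# 2. Winlogon ("Modifies WinLogon for persistence"): Userinit and Shell are the usual targets.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($name in 'Userinit', 'Shell') {
    $val = [string]$wl.$name
    if ($val -like "*$($Ioc.InstallPath)*") { $findings.Add("Winlogon $name = $val") }
}
# Stock Shell is 'explorer.exe'; anything appended to it is worth a look regardless of the IOC.
if ($wl.Shell -and $wl.Shell -ne 'explorer.exe') { $findings.Add("Winlogon Shell is '$($wl.Shell)' (expected explorer.exe)") }

# 3. Registry editor lockout ("Disables RegEdit via registry modification").
foreach ($pol in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System') {
    if (-not (Test-Path $pol)) { continue }
    $v = (Get-ItemProperty -Path $pol).DisableRegistryTools
    if ($v) { $findings.Add("DisableRegistryTools = $v under $pol") }
}

# 4. Firewall policy ("Modifies firewall policy service"): EnableFirewall=0 in a profile is the typical tamper (assumed location).
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $k = "$fwBase\$profile"
    if (-not (Test-Path $k)) { continue }
    $e = (Get-ItemProperty -Path $k).EnableFirewall
    if ($null -ne $e -and $e -eq 0) { $findings.Add("$profile EnableFirewall = 0") }
}

# 5. Dropped executable ("Executes dropped EXE"): try common base folders for the relative path.
foreach ($base in $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE, $env:ProgramData, $env:SystemRoot) {
    if (-not $base) { continue }
    $candidate = Join-Path $base $Ioc.InstallPath
    if (Test-Path $candidate) {
        $sha256 = (Get-FileHash -Path $candidate -Algorithm SHA256).Hash.ToLower()
        $findings.Add("Dropped file $candidate sha256=$sha256")
    }
}
# Offline keylogger output: DarkComet is commonly reported to write %APPDATA%\dclogs\ (assumption, not in this report).
$dclogs = Join-Path $env:APPDATA 'dclogs'
if (Test-Path $dclogs) { $findings.Add("Keylog folder present: $dclogs") }

# 6. Mutex: opening it proves a running instance. Access denied also means it exists.
$m = $null
try {
    if ([System.Threading.Mutex]::TryOpenExisting($Ioc.Mutex, [ref]$m)) {
        $m.Dispose()
        $findings.Add("Mutex $($Ioc.Mutex) is held by a running process")
    }
} catch [System.UnauthorizedAccessException] {
    $findings.Add("Mutex $($Ioc.Mutex) exists (access denied)")
}

# 7. Network: resolver cache and established connections to the C2 port (netstat keeps this Win7-compatible).
if (ipconfig /displaydns | Select-String -SimpleMatch $Ioc.C2Host) { $findings.Add("DNS cache contains $($Ioc.C2Host)") }
netstat -ano | Where-Object { $_ -match ":$($Ioc.C2Port)\s+ESTABLISHED\s+\d+" } |
    ForEach-Object { $findings.Add("Established connection to port $($Ioc.C2Port): $($_.Trim())") }

if ($findings.Count -eq 0) { 'No artefacts from this report were found.' } else { $findings }
```

Run it elevated, inside the session of the user suspected of being infected: the HKCU keys and the mutex are per-user and per-session, so a check from a different account can miss both. Get-FileHash needs PowerShell 4 or later; on an older host replace it with certutil -hashfile. Because the C2 is a dynamic DNS name, pivot on the hostname and the port rather than on whatever address it resolved to during the sandbox run.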
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1