General
-
Target
e78da21d88d678da382cf9f10be55d75ce6f5d438fc2bb6471f82a51575ae1ca
-
Size
1.1MB
-
Sample
240414-c85j7ade62
-
MD5
e88bab5d7caf5f30f87e56fce21b8eb4
-
SHA1
32bf71fcec9a64e9d8adf36201b15803a9d5812d
-
SHA256
e78da21d88d678da382cf9f10be55d75ce6f5d438fc2bb6471f82a51575ae1ca
-
SHA512
7cff1f10c83247257d30508ac9d8aa6a12bd1f536bcc3aee95b61144584d839e350d38f3fc1cf11b4b1da6530e5191291af1bfdbf8c906e124b7abcf14e5f3e1
-
SSDEEP
24576:mJwXnr79xF09allHpm/rhUZqACJy5aGU:mu3rl7PmThVAOycGU
Static task
static1
Behavioral task
behavioral1
Sample
e78da21d88d678da382cf9f10be55d75ce6f5d438fc2bb6471f82a51575ae1ca.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
crypter
184.144.223.8:51800
overcrash.no-ip.biz:51800
DC_MUTEX-E5P79CY
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
7LSrP3sXvcog
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
e78da21d88d678da382cf9f10be55d75ce6f5d438fc2bb6471f82a51575ae1ca
-
Size
1.1MB
-
MD5
e88bab5d7caf5f30f87e56fce21b8eb4
-
SHA1
32bf71fcec9a64e9d8adf36201b15803a9d5812d
-
SHA256
e78da21d88d678da382cf9f10be55d75ce6f5d438fc2bb6471f82a51575ae1ca
-
SHA512
7cff1f10c83247257d30508ac9d8aa6a12bd1f536bcc3aee95b61144584d839e350d38f3fc1cf11b4b1da6530e5191291af1bfdbf8c906e124b7abcf14e5f3e1
-
SSDEEP
24576:mJwXnr79xF09allHpm/rhUZqACJy5aGU:mu3rl7PmThVAOycGU
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1