General
Target: po.com
Size: 349KB
Sample: 240522-xg13xacg33
MD5: 7322122846be9637275020846c5fb0d2
SHA1: 9371a70b37bf64ed384402de39884fc0b447d48c
SHA256: fc3a88295fb3cbbbe8d2e67851ac49e0da3096e36687520bd79fca58381b1df6
SHA512: 67db69454b461c016d733e2040a7e9f1fe008f8a9f47fd7ac8c79961301f26308d1d987a8218078482ca64ad1f1032f55e36a635e4ec9169bc99a62a78b04303
SSDEEP: 6144:lcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37cZdA:lcW7KEZlPzCy37c
Behavioral task: behavioral1
Sample: po.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: out.exe
Resource: win7-20240508-en
Malware Config
Extracted: darkcomet
TEST VITVIM
donm.zapto.org:4026
DC_MUTEX-M2GTPUP
InstallPath: MSDCSC\msdcsc.exe
gencode: dytuNwlYgVU6
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets

Target: po.com
Size: 349KB
MD5: 7322122846be9637275020846c5fb0d2
SHA1: 9371a70b37bf64ed384402de39884fc0b447d48c
SHA256: fc3a88295fb3cbbbe8d2e67851ac49e0da3096e36687520bd79fca58381b1df6
SHA512: 67db69454b461c016d733e2040a7e9f1fe008f8a9f47fd7ac8c79961301f26308d1d987a8218078482ca64ad1f1032f55e36a635e4ec9169bc99a62a78b04303
SSDEEP: 6144:lcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37cZdA:lcW7KEZlPzCy37c
Signatures:
  Modifies WinLogon for persistence
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
  Suspicious use of SetThreadContext

Target: out.upx
Size: 756KB
MD5: 3ab9f6a2b2cc92b4a3137c7c7c6c19db
SHA1: ff0049cc29d6bd3420ba8d1296bb1ba5192bfa3f
SHA256: 28db08b0fc40293da4ece8dd7ca8c952fa54aa2008a11b7237fef2993b4fad0c
SHA512: f4340caeabd0193e88b91f569cf97fb13c5bc6d49b269dde0f1435f8f0ec3673ecb9442db96eab53cef06133c213313af315fcf3ecae0c714408a8a4aaeba06e
SSDEEP: 12288:49HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9EkNC/:sZ1xuVVjfFoynPaVBUR8f+kN10Ed
Score: 3/10
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)