General
- Target: 8795a5b03ecbfefd9c2e72479025c3dde14313b04985ade80bf2eb21fff12366
- Size: 1.2MB
- Sample: 240802-31y1jszgnh
- MD5: 3dc8ca829ea4639a0d78f05ae481eec0
- SHA1: 02bf8b9d26be7be2727bf980b5eb1e5e1c29bd0d
- SHA256: 8795a5b03ecbfefd9c2e72479025c3dde14313b04985ade80bf2eb21fff12366
- SHA512: 5162ee7aaaeabaf66280621bb239f47d3f8e66bc5fa9fee06083c60b9a7f5c27aa66b08dedca083e0e913ca8a9145e951c495fa327c31f822977243b46de8732
- SSDEEP: 24576:KSY88f02Q1HCEWN2ZIOlWZelqxKR8MdjGUZWXABvz5nhj6Mcg8:z88FCEHwxKliUZvBvphtP
Static task: static1
Behavioral task: behavioral1
- Sample: 8795a5b03ecbfefd9c2e72479025c3dde14313b04985ade80bf2eb21fff12366.exe
- Resource: win7-20240708-en
Malware Config
Extracted family: darkcomet
- Botnet: Guest16
- C2: dcdofus.no-ip.org:1604
- Mutex: DC_MUTEX-1U9K2TB
- InstallPath: MSDCSC\WindowsUpdate.exe
- gencode: TpN7E6aa2nhN
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: WindowsUpdate
Targets
- Target: 8795a5b03ecbfefd9c2e72479025c3dde14313b04985ade80bf2eb21fff12366
- Size: 1.2MB
- MD5: 3dc8ca829ea4639a0d78f05ae481eec0
- SHA1: 02bf8b9d26be7be2727bf980b5eb1e5e1c29bd0d
- SHA256: 8795a5b03ecbfefd9c2e72479025c3dde14313b04985ade80bf2eb21fff12366
- SHA512: 5162ee7aaaeabaf66280621bb239f47d3f8e66bc5fa9fee06083c60b9a7f5c27aa66b08dedca083e0e913ca8a9145e951c495fa327c31f822977243b46de8732
- SSDEEP: 24576:KSY88f02Q1HCEWN2ZIOlWZelqxKR8MdjGUZWXABvz5nhj6Mcg8:z88FCEHwxKliUZvBvphtP

Signatures
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)