General
  Target: a73f79df00e6c561c99cc1055977ad178647b474d5c8b8452f303f97734bbadd.exe
  Size: 304KB
  Sample: 241128-fbe5tasjhp
  MD5: ea2ddaaac329669ede95d16a7ff66357
  SHA1: f4f26458201d1376dfdefe8ce72449fe1137b40a
  SHA256: a73f79df00e6c561c99cc1055977ad178647b474d5c8b8452f303f97734bbadd
  SHA512: 887c332c15104d41fe18c71ecb539c637981b125659ede04266a38e55365e1b7ca4a3b96bf530f5e7ccac5ac21c5d6560d6dcf5e273ea7bc5507307bdc7f8fb3
  SSDEEP: 6144:X2T/3If9vSuNT6woPu7pWil15P0Wrep5h05X/CpNWpyJoNCzZ:XQ3ICaEil16Cs5u1974N
Static task: static1

Behavioral task: behavioral1
  Sample: a73f79df00e6c561c99cc1055977ad178647b474d5c8b8452f303f97734bbadd.exe
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: a73f79df00e6c561c99cc1055977ad178647b474d5c8b8452f303f97734bbadd.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
  Family: darkcomet
  Botnet: Guest16_min
  C2: 2.235.168.213:81
  Mutex: DCMIN_MUTEX-JSD8YH2
  Attributes:
    InstallPath: DCSCMIN\IMDCSC.exe
    gencode: 7fsLUSe9cMso
    install: true
    offline_keylogger: true
    persistence: false
    reg_key: 210978
Targets
  Target: a73f79df00e6c561c99cc1055977ad178647b474d5c8b8452f303f97734bbadd.exe
  Size: 304KB
  Signatures:
  - Darkcomet family
  - Modifies WinLogon for persistence
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Privilege Escalation
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)