General
- Target: 24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034N.exe
- Size: 891KB
- Sample: 241130-ems1dawkbq
- MD5: 296716d3fe38809cd1b25f46da59dd90
- SHA1: 3bc6aea87cf33d17f71ce91118f5257338288835
- SHA256: 24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034
- SHA512: 307ebc7c641ec073c2a7ed42310e6a07d5c454825c445704f57298c0b64fe7e871bb7e846613216197ee1f9221486d462be390fd56352bee5675d4b2ec02b6fa
- SSDEEP: 24576:9fHK4ne0H220E81P/RQmKEhQSt+TrLQse4xoQQZn:dXl3eb1g1CQQ
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034N.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: 24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034N.exe
  - Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034N.exe
- Score: 10/10
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)