General
-
Target
a578a73206126c16a1e1e2a45d4c4d4b8cb878ffd293f749dab65292252b9b2b.exe
-
Size
742KB
-
Sample
241201-rv8f9atmdw
-
MD5
bd1e7ad6e631650ad2fe10011c9ab7fa
-
SHA1
16152018d004af3546bb759e12b29d4f4e8722bb
-
SHA256
a578a73206126c16a1e1e2a45d4c4d4b8cb878ffd293f749dab65292252b9b2b
-
SHA512
1dcc024c62132814af402b16afad201e15b97b16cfdf4beef8563aa97cd2d8635f441fb10a5747994c323de2d1a5f36f03dfa95d4e75bd506fb0a2d58d4f7876
-
SSDEEP
12288:UrAeSye4BLE0RnRO0GiAlQUZM6GR9jrHNCqZO0ZaF8RivkDOn7Ypca1oymIW2J8f:CAZyUNtiCK6c9jrtL8WnDAE2RIuws
Static task
static1
Behavioral task
behavioral1
Sample
a578a73206126c16a1e1e2a45d4c4d4b8cb878ffd293f749dab65292252b9b2b.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a578a73206126c16a1e1e2a45d4c4d4b8cb878ffd293f749dab65292252b9b2b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
darkcomet
Dragonica
192.168.0.13:1604
85.168.104.237:1604
DC_MUTEX-AE11EHH
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
3E1WoVyr3qxU
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
a578a73206126c16a1e1e2a45d4c4d4b8cb878ffd293f749dab65292252b9b2b.exe
-
Size
742KB
-
MD5
bd1e7ad6e631650ad2fe10011c9ab7fa
-
SHA1
16152018d004af3546bb759e12b29d4f4e8722bb
-
SHA256
a578a73206126c16a1e1e2a45d4c4d4b8cb878ffd293f749dab65292252b9b2b
-
SHA512
1dcc024c62132814af402b16afad201e15b97b16cfdf4beef8563aa97cd2d8635f441fb10a5747994c323de2d1a5f36f03dfa95d4e75bd506fb0a2d58d4f7876
-
SSDEEP
12288:UrAeSye4BLE0RnRO0GiAlQUZM6GR9jrHNCqZO0ZaF8RivkDOn7Ypca1oymIW2J8f:CAZyUNtiCK6c9jrtL8WnDAE2RIuws
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
3Hidden Files and Directories
3Modify Registry
2