General
-
Target
530f7ced4a53a9523609c6a7a1acc89e831e530653bb690b05487a217d2fcc6d.exe
-
Size
2.8MB
-
Sample
241201-tqqrrawjdw
-
MD5
6d845955c67966fe45bc5c18ce252acc
-
SHA1
6c594dca66db83d9409d02a0c48a7ef7a859d10e
-
SHA256
530f7ced4a53a9523609c6a7a1acc89e831e530653bb690b05487a217d2fcc6d
-
SHA512
026516b797b4aa405a316d2a2f90a15c4e0ad3fe353c7451ad7c21039b201418de1b9ec8c2a648381ef5eb38a1c7e92842e58ee0bffd03b77ffd72503033a505
-
SSDEEP
49152:aELbVMTrOq4qQoJZdiyqcsxWjI9I/KTvUwhqh:a6b+f7QoPjIS/KTMwE
Behavioral task
behavioral1
Sample
530f7ced4a53a9523609c6a7a1acc89e831e530653bb690b05487a217d2fcc6d.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
Guest16
kbotdarkorbit.no-ip.org:10
189.186.45.5:10
192.168.1.196:10
DC_MUTEX-RK3KJAL
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
CYK1BgXzzXZt
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
530f7ced4a53a9523609c6a7a1acc89e831e530653bb690b05487a217d2fcc6d.exe
-
Size
2.8MB
-
MD5
6d845955c67966fe45bc5c18ce252acc
-
SHA1
6c594dca66db83d9409d02a0c48a7ef7a859d10e
-
SHA256
530f7ced4a53a9523609c6a7a1acc89e831e530653bb690b05487a217d2fcc6d
-
SHA512
026516b797b4aa405a316d2a2f90a15c4e0ad3fe353c7451ad7c21039b201418de1b9ec8c2a648381ef5eb38a1c7e92842e58ee0bffd03b77ffd72503033a505
-
SSDEEP
49152:aELbVMTrOq4qQoJZdiyqcsxWjI9I/KTvUwhqh:a6b+f7QoPjIS/KTMwE
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3