General
-
Target
0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20aN.exe
-
Size
742KB
-
Sample
241201-tzf9nszrek
-
MD5
cb59fc47fcd2ea6c4354d60230b67c50
-
SHA1
7416dd76ebd488b308d73d6d27dd1101a92e0772
-
SHA256
0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20a
-
SHA512
1c103d9a11cb38543d2f83d254b1465898127ac1e29a34c6b98c8b77685aa48bf2c8a99e697a794403c67fa3bccd6386273697844734fba4023d9f46b82db29e
-
SSDEEP
12288:UrAeSye4BLE0RnRO0GiAlQUZM6GR9jrHNCqZO0ZaF8RivkDOn7Ypca1oymIW2J83:CAZyUNtiCK6c9jrtL8WnDAE2RIuws
Static task
static1
Behavioral task
behavioral1
Sample
0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20aN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20aN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
darkcomet
Dragonica
192.168.0.13:1604
85.168.104.237:1604
DC_MUTEX-AE11EHH
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
3E1WoVyr3qxU
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20aN.exe
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Defense Evasion
Hide Artifacts (3)
Hidden Files and Directories (3)
Modify Registry (2)