General
Target: 03428e1b9f524d36ba8363eacfed20aee9a03651e0f85827b6d5452b6e4c84baN.exe
Size: 5.3MB
Sample: 241207-zxsskstlgx
MD5: c13d6d5a9aa229499ee0ff1f698a2ee0
SHA1: 2a7ac214047525c963cfd8d1be692c50bdbb9c46
SHA256: 03428e1b9f524d36ba8363eacfed20aee9a03651e0f85827b6d5452b6e4c84ba
SHA512: 5c9e4b30dbd6c5414ea04a70b109e6dc9f8287affe014e47ed0797ff63ac904223751557e44bff99cf8ecfce3c8b748cef55c1d3db88905431f4049039042059
SSDEEP: 98304:aOQGc830HeOIk0ons6U523lPWZIERFog7icldle+HJFD4:hrj30qkXnsr2YIIog7if+HJFs
Static task: static1
Behavioral task: behavioral1
  Sample: 03428e1b9f524d36ba8363eacfed20aee9a03651e0f85827b6d5452b6e4c84baN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 03428e1b9f524d36ba8363eacfed20aee9a03651e0f85827b6d5452b6e4c84baN.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: darkcomet
Botnet / campaign ID: GoogleDebugger
C2 address: 147.185.221.24:14161
Mutex: RO_MUTEX-8HU43EZ
Attributes:
- InstallPath: ChromeCookies\ChromeCookie.exe
- gencode: WN0BLB8aPxBw
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: GoogleDebugJ
Targets
Target: 03428e1b9f524d36ba8363eacfed20aee9a03651e0f85827b6d5452b6e4c84baN.exe (5.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Darkcomet family
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
Defense Evasion
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Modify Registry: 2