General
Target: 7834fcbf6afbd23b8c94d2374b1ff4f07576110f5a06ee62c96b9c745df3dbedN.exe
Size: 621KB
Sample: 241208-fm8lhatpfz
MD5: c940561721d0f3ba4ecdc6f75254d860
SHA1: e76448bc9374bca193ce44e7c8b45a97f99c586b
SHA256: 7834fcbf6afbd23b8c94d2374b1ff4f07576110f5a06ee62c96b9c745df3dbed
SHA512: 1a513a17810602990dc1f84e51958cdb874450b889343c5f2a5a0a643ccd0e198cf1a22aaebf99b9b83a49295cbf7164023bb305979280b32245d53af0a51d4b
SSDEEP: 12288:fYQTKiAEfn2fQ2xDtiKU/MZEfzadOh0LvxZYDiI5tYMgz2R:VO4Yi6EfzaYh0Twj5ufzG
Static task: static1
Behavioral task: behavioral1
Sample: 7834fcbf6afbd23b8c94d2374b1ff4f07576110f5a06ee62c96b9c745df3dbedN.exe
Resource: win7-20240903-en
Malware Config
Extracted family: darkcomet
Campaign ID: Guest16
C2: davaydavay123.no-ip.org:1610
Mutex: DC_MUTEX-JZVHV5Z
InstallPath: MSDCSC\msdcsc.exe
gencode: lV69QiAKlk5T
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: 7834fcbf6afbd23b8c94d2374b1ff4f07576110f5a06ee62c96b9c745df3dbedN.exe
Size: 621KB
MD5: c940561721d0f3ba4ecdc6f75254d860
SHA1: e76448bc9374bca193ce44e7c8b45a97f99c586b
SHA256: 7834fcbf6afbd23b8c94d2374b1ff4f07576110f5a06ee62c96b9c745df3dbed
SHA512: 1a513a17810602990dc1f84e51958cdb874450b889343c5f2a5a0a643ccd0e198cf1a22aaebf99b9b83a49295cbf7164023bb305979280b32245d53af0a51d4b
SSDEEP: 12288:fYQTKiAEfn2fQ2xDtiKU/MZEfzadOh0LvxZYDiI5tYMgz2R:VO4Yi6EfzaYh0Twj5ufzG
Signatures
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)