General
Target: forge-1.20.1-47.1.12-installer.bin
Size: 5.7MB
Sample: 241215-av5a6aynh1
MD5: 6d0b8a01ecfdf53f577e5c2a1da491ec
SHA1: 846e02191e94c181de3b9f28a589860625af3d18
SHA256: 18fb6ed230d147195ae6243f309bfa9aa8768e707819ddc362ff83f594f4f20c
SHA512: 659940064f9493117aede8ecf8f3dfa2bf847368fa661e08cc27b0c22599ea36d6f0e3597f225a41a02105a03b409b8efd8e675f9468ca117b15a9500c98f3a0
SSDEEP: 98304:G7M/HfSDrRAoX4xUi7y0t5w4y2cTt6G8hZbCdm/j02G+uyXYsro0UaGJb:QrHox0az+Ttj8zoQuQUVb
Static task: static1
Behavioral task: behavioral1
  Sample: forge-1.20.1-47.1.12-installer.jar
  Resource: win10ltsc2021-20241211-en
Malware Config
Extracted
Family: darkcomet
Botnet: GoogleDebugger
C2: 147.185.221.24:14161
Mutex: RO_MUTEX-8HU43EZ
InstallPath: ChromeCookies\ChromeCookie.exe
gencode: WN0BLB8aPxBw
install: true
offline_keylogger: true
persistence: true
reg_key: GoogleDebugJ
Targets
Target: forge-1.20.1-47.1.12-installer.bin
Size: 5.7MB
- Darkcomet family
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (number in parentheses is the per-technique hit count shown by the report)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (2)