General

  • Target

    3cea831e258d85288e46549b971fd07bb305652abceaf3bef7725145f39368c2

  • Size

    521KB

  • Sample

    210921-khlcmabefr

  • MD5

    b61d3fed042adb8672c5cd6def461489

  • SHA1

    3c479375f2ca5ad75c371133bf753808078e5b85

  • SHA256

    3cea831e258d85288e46549b971fd07bb305652abceaf3bef7725145f39368c2

  • SHA512

    1e34a7516b6bd87f5a9d5f73f56e1aa68d4636f206e0fdaa6490fcbc1cfbf9847e437de962f4ac495797c8818650ebe2668f7bcb30fe8f082fa3ed41654509d3

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Command-Line Interface (T1059), 1 hit

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1 hit

  • Defense Evasion

    Modify Registry (T1112), 2 hits

  • Discovery

    System Information Discovery (T1082), 2 hits