General

  • Target: a7c4aae68e13b16ed7d916ba7cde189381e597934b05a26d113a97c8ae8afdbf
  • Size: 520KB
  • Sample: 210923-j6j9ssbbal
  • MD5: 452b72638cf014d97a9b5a219e4685f9
  • SHA1: df7b8e92163dfe5bcfd1f1f8ea832d5c655d457c
  • SHA256: a7c4aae68e13b16ed7d916ba7cde189381e597934b05a26d113a97c8ae8afdbf
  • SHA512: a30e2cb3bbe1138bf148dcca0187c366f60b064115820b5848f2f177aafbfd97cc3ed2d301ff3dd53001e46337b97595f7df6a014aa3c3ebc69628f22d03623f

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: 1 × Command-Line Interface (T1059)
  • Persistence: 1 × Registry Run Keys / Startup Folder (T1060)
  • Defense Evasion: 2 × Modify Registry (T1112)
  • Discovery: 2 × System Information Discovery (T1082)

Tasks