darkcomet | 0a3f9a829efe3fc9845e1ccb2221556e6cf7ef0ed2872ed436f0ac48db8760fd | Triage

Sharing

General

Target

0a3f9a829efe3fc9845e1ccb2221556e6cf7ef0ed2872ed436f0ac48db8760fd
Size

5.7MB
Sample

220217-az9rfagbhl
MD5

01715548d3884f1a12a8da4bb12be2f8
SHA1

d8ba0b013d803c82dbe6a651ff6214c1b8d76f64
SHA256

0a3f9a829efe3fc9845e1ccb2221556e6cf7ef0ed2872ed436f0ac48db8760fd
SHA512

dfdd9af56f3ffeb3e55ee96b05b1bdc46c77ef70434a47d89b9fd71845d9c86a65623871b6a330c2179cc6564e7072c22f324e646de8e8d5efc471120fc8f051

Score

10^/10

darkcomet neshta persistence

Malware Config

Targets

- Target
  
  0a3f9a829efe3fc9845e1ccb2221556e6cf7ef0ed2872ed436f0ac48db8760fd
- Size
  
  5.7MB
- MD5
  
  01715548d3884f1a12a8da4bb12be2f8
- SHA1
  
  d8ba0b013d803c82dbe6a651ff6214c1b8d76f64
- SHA256
  
  0a3f9a829efe3fc9845e1ccb2221556e6cf7ef0ed2872ed436f0ac48db8760fd
- SHA512
  
  dfdd9af56f3ffeb3e55ee96b05b1bdc46c77ef70434a47d89b9fd71845d9c86a65623871b6a330c2179cc6564e7072c22f324e646de8e8d5efc471120fc8f051
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

neshtadarkcomet

behavioral1

behavioral2