darkcomet | 648986fa909cc12cf12c7a9f7a9382fc2d4120fb5bac89cc416148b37b3e33b0 | Triage

Sharing

General

Target

648986fa909cc12cf12c7a9f7a9382fc2d4120fb5bac89cc416148b37b3e33b0
Size

4.5MB
Sample

220217-azh9gsfac7
MD5

018d1b0dca83db0ba677fc3271f1c783
SHA1

5811bce8e13934072837b917543c8074e07d3678
SHA256

648986fa909cc12cf12c7a9f7a9382fc2d4120fb5bac89cc416148b37b3e33b0
SHA512

fc4674748651ddf40626d76dc247db99a3aabed85570624d7f05de1b52d5479e5846633e02a3da17ccd3127daf0e3b656f39bde58088424dd86f460d1812e4ea

Score

10^/10

darkcomet neshta persistence

Malware Config

Targets

- Target
  
  648986fa909cc12cf12c7a9f7a9382fc2d4120fb5bac89cc416148b37b3e33b0
- Size
  
  4.5MB
- MD5
  
  018d1b0dca83db0ba677fc3271f1c783
- SHA1
  
  5811bce8e13934072837b917543c8074e07d3678
- SHA256
  
  648986fa909cc12cf12c7a9f7a9382fc2d4120fb5bac89cc416148b37b3e33b0
- SHA512
  
  fc4674748651ddf40626d76dc247db99a3aabed85570624d7f05de1b52d5479e5846633e02a3da17ccd3127daf0e3b656f39bde58088424dd86f460d1812e4ea
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

neshtadarkcomet

behavioral1

behavioral2