darkcomet | 566d9c8bbb63fab94129a4c088f8c9a85b9c306bdcda72bb2f61a4c224c427ca | Triage

Sharing

General

Target

566d9c8bbb63fab94129a4c088f8c9a85b9c306bdcda72bb2f61a4c224c427ca
Size

4.9MB
Sample

220217-azrkvsfac8
MD5

013041c171100f1c5dd5455dfc44de56
SHA1

32cb9b68c16c5aae4204d8429538de4734ad12ff
SHA256

566d9c8bbb63fab94129a4c088f8c9a85b9c306bdcda72bb2f61a4c224c427ca
SHA512

fb09d04e2b3b56ab31faaada6fbbaf865f3bedc5909445b13f67f01b7dba4e949bf3a6cac78aeb8b013ad78e35bc06fa77b2c02a2a2a2e30b3e0a41cc02e1669

Score

10^/10

darkcomet neshta persistence

Malware Config

Targets

- Target
  
  566d9c8bbb63fab94129a4c088f8c9a85b9c306bdcda72bb2f61a4c224c427ca
- Size
  
  4.9MB
- MD5
  
  013041c171100f1c5dd5455dfc44de56
- SHA1
  
  32cb9b68c16c5aae4204d8429538de4734ad12ff
- SHA256
  
  566d9c8bbb63fab94129a4c088f8c9a85b9c306bdcda72bb2f61a4c224c427ca
- SHA512
  
  fb09d04e2b3b56ab31faaada6fbbaf865f3bedc5909445b13f67f01b7dba4e949bf3a6cac78aeb8b013ad78e35bc06fa77b2c02a2a2a2e30b3e0a41cc02e1669
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

neshtadarkcomet

behavioral1

behavioral2