General

  • Target

    30cc674865403c5ad3eb246fbb4eb71cad63f4d044fcce96d9949d172497323c

  • Size

    825KB

  • Sample

    221004-gx614afcdp

  • MD5

    2cc680307934db679476001c2d42501a

  • SHA1

    2285e76059caa519e497df60787fb12ddba47b28

  • SHA256

    30cc674865403c5ad3eb246fbb4eb71cad63f4d044fcce96d9949d172497323c

  • SHA512

    cec33f1e326782682721cad7c1f106ebeb83ba636b39d62f76971cd63f986b8da8326e29f6994ce047321d90c86e25f6e8950becc1e85bd668843afeb80042fd

  • SSDEEP

    24576:+4qMHqSqV7zbRbJ1NMJwktXvIA0NC3Oh+FJD:+4q+7E9J1NMxt/IA0C3Oh+3D

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Writes to the Winlogon registry key (typically the Shell or Userinit values) so the payload is launched at every user logon.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used by injectors to redirect a suspended thread to injected code (process hollowing), so a call from a non-debugger process is a strong injection indicator.

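The two registry persistence signatures above ("Modifies WinLogon for persistence" and "Adds Run key to start application") are straightforward to detect from Sysmon Event ID 13 (registry value set) telemetry. The following script is an added example and is not part of the sandbox report or the DarkComet sample: it runs detection logic over a handful of constructed Sysmon records. The event lines, the `dropped.exe` path, and the `UpdateSvc` value name are hypothetical; the registry paths and ATT&CK IDs (T1547.001 Registry Run Keys, T1547.004 Winlogon Helper DLL) are real.

```python
import re
from dataclasses import dataclass

# Constructed Sysmon Event ID 13 records, tab-separated as
# EventID, Image, TargetObject, Details. These are illustrative only;
# the writer path "dropped.exe" and the value name "UpdateSvc" are hypothetical.
SAMPLE_EVENTS = "\n".join([
    # Userinit extended with an extra executable: launches at every logon.
    "13\tC:\\Users\\victim\\AppData\\Roaming\\dropped.exe"
    "\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit"
    "\tC:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\AppData\\Roaming\\dropped.exe",
    # Classic Run key autostart entry.
    "13\tC:\\Users\\victim\\AppData\\Roaming\\dropped.exe"
    "\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\UpdateSvc"
    "\tC:\\Users\\victim\\AppData\\Roaming\\dropped.exe",
    # Benign Explorer setting: must not fire.
    "13\tC:\\Windows\\explorer.exe"
    "\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "\tDWORD (0x00000001)",
    # Winlogon Shell rewritten to its default value: must not fire.
    "13\tC:\\Windows\\system32\\svchost.exe"
    "\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
    "\texplorer.exe",
])

WINLOGON_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.IGNORECASE)
WINLOGON_NOTIFY_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\", re.IGNORECASE)
RUN_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Stock values for the two Winlogon entries; anything else is suspicious.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}


@dataclass(frozen=True)
class Finding:
    technique: str          # ATT&CK sub-technique ID
    image: str              # process that wrote the value
    target: str             # registry value path
    details: str            # value written
    from_dropped_image: bool  # writer lives in a user-writable drop location


def likely_dropped(image: str) -> bool:
    """Heuristic: executables under AppData or Temp are typical drop locations."""
    low = image.lower()
    return "\\appdata\\" in low or "\\temp\\" in low


def parse_events(text: str):
    """Parse tab-separated Event ID 13 lines into dicts; skip anything else."""
    events = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or parts[0] != "13":
            continue
        events.append({"Image": parts[1], "TargetObject": parts[2], "Details": parts[3]})
    return events


def detect_persistence(events):
    """Return one Finding per registry write that matches a persistence location."""
    findings = []
    for ev in events:
        target, details, image = ev["TargetObject"], ev["Details"].strip(), ev["Image"]
        m = WINLOGON_RE.search(target)
        if m:
            if details.lower() not in WINLOGON_DEFAULTS[m.group(1).lower()]:
                findings.append(Finding("T1547.004", image, target, details, likely_dropped(image)))
            continue
        if WINLOGON_NOTIFY_RE.search(target):
            findings.append(Finding("T1547.004", image, target, details, likely_dropped(image)))
            continue
        if RUN_RE.search(target):
            findings.append(Finding("T1547.001", image, target, details, likely_dropped(image)))
    return findings


if __name__ == "__main__":
    for f in detect_persistence(parse_events(SAMPLE_EVENTS)):
        flag = " [dropped image]" if f.from_dropped_image else ""
        print(f"{f.technique}  {f.image} -> {f.target} = {f.details}{flag}")
```

The Winlogon check compares the written value against the stock defaults rather than alerting on every write, because legitimate software and Windows servicing do rewrite Shell and Userinit with their default values; combining the hit with the writer's location (AppData or Temp) separates the "Executes dropped EXE" case in this report from an administrator editing the key.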