General

  • Target

    f57d9d1d08a0380e0f02276f0d9546d7a39bb9f1157d72bc97b3fdf91f394cde

  • Size

    659KB

  • Sample

    221004-hb8s8sgaem

  • MD5

    13cea37ede7722a75af94d68436d9ee8

  • SHA1

    0b9414ca684130c1b044ecf7c23f16142bf6be6d

  • SHA256

    f57d9d1d08a0380e0f02276f0d9546d7a39bb9f1157d72bc97b3fdf91f394cde

  • SHA512

    0d7a627ed3c182d73746c49806198c58bae43ca4befaaf38a5cf3df2e1c0dfe8af83cf42e0db797e36eea8880b5d6d68367b25e059ba85cdb74f9043cfbb13ee

  • SSDEEP

    12288:Q9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKp:WAQ6Zx9cxTmOrucTIEFSpOGk

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect sandbox or virtual-machine environments.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks