General

  • Target

    42b4c92b41d55a5be8e9c9cc4311660bd4a9d6b387c1ee9cd343d40fa5ea86f7

  • Size

    721KB

  • Sample

    221004-hlrbyagebj

  • MD5

    4a659ddd0188e7f0c08e43ac08230d80

  • SHA1

    34b0f20c1b20fe58572b4e72313546580b91c098

  • SHA256

    42b4c92b41d55a5be8e9c9cc4311660bd4a9d6b387c1ee9cd343d40fa5ea86f7

  • SHA512

    3f7e4cb0969832f5f9ccd3b150a186f4c42d12dc3fe0e5b5644841d957a0687e30d445a968b2a29b6645d9d78730c09d2557d27b710778543425048bf02197d1

  • SSDEEP

    12288:QxSVjEBw9FA3/rHaFqKYA15o/cf2vidTRbwQQFBXGQtxY1HftMj1yuWmtGjRq:Q8VQuFA3/rHaFqDA1u/cf2eFyFB/e5ts

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Drops startup file

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
