General

  • Target

    65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d

  • Size

    254KB

  • Sample

    221011-k9176afgc4

  • MD5

    6d9204abe4f53ebfeb0fe8a7ab60744e

  • SHA1

    b353a9cec76f09f2b2673da176234fcc1f549b03

  • SHA256

    65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d

  • SHA512

    02210383d7aaaade53c8d6193370ff8889b05597dbbc3130759d2953dbd9302cf12e4e69a411963a79097caf810348e8283a447d84c9a3b0f26a9ef207e3a7d7

  • SSDEEP

    6144:pf5yZ/ka76g6waedizy5YUFJL7UVKkjIwNz74pZDR1PpNSvL:pEkaZXjYwLaUkUppnpNSvL

Targets

    • Target

      65979a248b58e81cc8898a678220c4c89510fedd237ce7f850525efab342b13d

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application
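The signatures above are behavioural: the sample edits Winlogon and a Run key for persistence, turns down the firewall policy, and reads the BIOS strings and the configured country code before deciding whether to run. The script below is an added example, not part of this report or of any sandbox vendor's code, for triaging a registry export (.reg text) from an infected or detonation host for exactly those artefacts. The key paths are the standard Windows locations; the embedded export is constructed for the demonstration, the virtual-machine marker list and the default Userinit value are assumptions of mine, and the firewall and Geo values are only shown as the kind of thing these checks read, not as confirmed values from this sample.

```python
"""Triage helper: scan a .reg export for the persistence and evasion
artefacts the signatures describe (example code, not from the report)."""

# Constructed sample export, NOT data from the analysed sample.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroUpdate"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"SystemBiosVersion"=hex(7):56,00,42,00,4f,00,58,00,00,00,00,00

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
"""

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumed clean defaults; Userinit normally ends with a trailing comma.
WINLOGON_EXPECTED = {"Shell": "explorer.exe",
                     "Userinit": r"C:\Windows\system32\userinit.exe,"}
RUN_KEYS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run")
FIREWALL = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile")
BIOS = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"
GEO = r"HKEY_CURRENT_USER\Control Panel\International\Geo"
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")  # assumed list


def decode_value(raw):
    """Decode the REG_SZ, REG_DWORD and REG_MULTI_SZ (hex(7)) forms used by .reg files."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex(7):"):
        data = bytes.fromhex(raw[len("hex(7):"):].replace(",", ""))
        return [s for s in data.decode("utf-16-le").split("\0") if s]
    return raw  # other binary types are left as their raw text


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}."""
    joined = []
    for line in text.splitlines():  # rejoin hex values continued with a trailing backslash
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line.strip()
        else:
            joined.append(line)
    keys, current = {}, None
    for line in joined:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, raw = line.partition("=")
            keys[current][name.strip('"')] = decode_value(raw)
    return keys


def triage(reg_text):
    """Return (category, value_name, value) tuples for each artefact worth a look."""
    keys = parse_reg(reg_text)
    findings = []
    winlogon = keys.get(WINLOGON, {})
    for name, expected in WINLOGON_EXPECTED.items():
        val = winlogon.get(name)
        if val is not None and val.lower() != expected.lower():
            findings.append(("winlogon", name, val))  # Shell/Userinit hijack
    for key in RUN_KEYS:
        for name, val in keys.get(key, {}).items():
            findings.append(("run", name, val))  # every Run entry is reviewed by hand
    if keys.get(FIREWALL, {}).get("EnableFirewall") == 0:
        findings.append(("firewall", "EnableFirewall", 0))
    bios = keys.get(BIOS, {}).get("SystemBiosVersion", [])
    for entry in (bios if isinstance(bios, list) else [bios]):
        for marker in VM_MARKERS:
            if marker in entry.upper():  # what a BIOS sandbox check would trip on
                findings.append(("vm_marker", "SystemBiosVersion", marker))
    nation = keys.get(GEO, {}).get("Nation")
    if nation is not None:  # GeoID the geofence check would read
        findings.append(("geo", "Nation", nation))
    return findings


if __name__ == "__main__":
    for category, name, value in triage(SAMPLE_REG):
        print(f"{category:10} {name} = {value!r}")
```

Run it against an export taken with `reg export` from the detonation host; the `vm_marker` and `geo` lines explain why a sample with these checks may refuse to run in a stock virtual machine or in a country it excludes, while the `winlogon`, `run` and `firewall` lines are the changes to undo or hunt for across other hosts.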
