General

  • Target

    5c08ee830d57281e05bfc233611b4e908b6ce0b7823fd7cb7ccd70ed4c194f24

  • Size

    811KB

  • Sample

    221011-k92tpafgc5

  • MD5

    6ac254428d8cfacf7fb17a25e5e3e343

  • SHA1

    093e5ab9a4dbce6b921d72770e4c2ab9aefed978

  • SHA256

    5c08ee830d57281e05bfc233611b4e908b6ce0b7823fd7cb7ccd70ed4c194f24

  • SHA512

    3e1fdea98fa9cab11b283a56f22edd31e021983ac015029637605d12ae7f7da55e5e74c6c82b0813a67af7758155a7dbc9e0a2751431cc4603ef9f4d9e961e7e

  • SSDEEP

    12288:/aAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgde:CAEENIq8XwyVPQclDq/+WnpsSe
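Before acting on a sandbox report, confirm that the file in hand is the one that was analysed. The Python below is an added example, not part of the report: it parses the MD5/SHA1/SHA256 values from a constructed excerpt in the page's own bullet layout, rejects values of the wrong length, and compares them with digests computed over a local sample (a constructed byte string here; a real run would read the file). The function names parse_report_hashes, compute_hashes and verify_sample are this example's own. SSDEEP is parsed past but not checked because it is a fuzzy hash that needs the ssdeep library rather than hashlib.

```python
import hashlib
import re

# Constructed excerpt in the "bullet / blank line / value" layout used by the
# report above; the values are the ones the report lists.
REPORT_EXCERPT = """
  • MD5

    6ac254428d8cfacf7fb17a25e5e3e343

  • SHA1

    093e5ab9a4dbce6b921d72770e4c2ab9aefed978

  • SHA256

    5c08ee830d57281e05bfc233611b4e908b6ce0b7823fd7cb7ccd70ed4c194f24

  • SSDEEP

    12288:/aAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgde:CAEENIq8XwyVPQclDq/+WnpsSe
"""

# Hex-digest length per algorithm: a listed value of the wrong length is a
# transcription error and must not be treated as a match candidate.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

HEX = re.compile(r"[0-9a-fA-F]+")


def parse_report_hashes(text):
    """Return {algorithm: hexdigest} for the hashlib-checkable algorithms.

    A bullet names the algorithm; the next non-blank line is its value.
    Unknown bullets (Size, SSDEEP, ...) and malformed values are skipped.
    """
    hashes = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            name = line[1:].strip().lower()
            pending = name if name in DIGEST_LEN else None
            continue
        if pending:
            if HEX.fullmatch(line) and len(line) == DIGEST_LEN[pending]:
                hashes[pending] = line.lower()
            pending = None
    return hashes


def compute_hashes(data, algorithms):
    """Digest one byte string with each named algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def verify_sample(data, reported):
    """Compare reported digests with the sample; return (all_match, mismatches).

    mismatches maps algorithm -> (reported, actual) for every disagreement,
    so a single wrong digest is visible rather than hidden behind a boolean.
    """
    actual = compute_hashes(data, reported)
    mismatches = {alg: (reported[alg], actual[alg])
                  for alg in reported if reported[alg] != actual[alg]}
    return (not mismatches, mismatches)


if __name__ == "__main__":
    # Constructed stand-in for the sample; a real run would read the file bytes.
    local = b"abc"
    ok, diff = verify_sample(local, parse_report_hashes(REPORT_EXCERPT))
    print("match" if ok else f"MISMATCH in {sorted(diff)}")
```

Checking every listed digest rather than only SHA256 also catches a report whose hashes were copied from two different files, which shows up as one algorithm matching and the others not.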

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Typically the Userinit or Shell value under the Winlogon key is changed so the payload is launched at every interactive logon, in addition to the Run key noted below.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information (typically the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read to look for virtualisation vendor strings and so detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence: the sample can decline to run on machines whose locale is on an excluded list.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
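The bullets above are the sandbox's behavioural signatures. The Python below is an added example, not the sandbox's own rule engine, showing how the same signatures can be matched against raw host telemetry during incident response. The input is a constructed Procmon-style CSV for a hypothetical dropper named sample.exe with invented dropped-file names, and the registry paths in the rules are the well-known locations each signature refers to rather than anything taken from this sample. The family signature (Darkcomet) comes from content matching, not behaviour, so it is not reproduced.

```python
import csv
import io
import re

# Constructed, Procmon-style telemetry for a hypothetical dropper "sample.exe";
# the dropped-file names are invented for the example.
SAMPLE_LOG = r"""Process Name,Operation,Path,Detail
sample.exe,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion,Type: REG_MULTI_SZ
sample.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,Type: REG_SZ
sample.exe,WriteFile,C:\Windows\System32\dropped.exe,Length: 811008
sample.exe,WriteFile,C:\Users\victim\AppData\Roaming\helper.dll,Length: 40960
sample.exe,RegSetValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit,"Data: C:\Windows\system32\userinit.exe,C:\Windows\System32\dropped.exe"
sample.exe,RegSetValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater,Data: C:\Windows\System32\dropped.exe
sample.exe,Process Create,C:\Windows\System32\dropped.exe,PID: 4242
dropped.exe,Load Image,C:\Users\victim\AppData\Roaming\helper.dll,Image Base: 0x10000000
"""

# Constructed benign activity that must fire nothing.
BENIGN_LOG = r"""Process Name,Operation,Path,Detail
explorer.exe,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,Type: REG_DWORD
notepad.exe,WriteFile,C:\Users\victim\Documents\notes.txt,Length: 120
notepad.exe,Load Image,C:\Windows\System32\kernel32.dll,Image Base: 0x7ff800000000
"""

REG_WRITE_OPS = {"RegSetValue", "RegCreateKey"}
# Well-known locations each signature refers to (not taken from this sample).
WINLOGON = re.compile(r"\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
BIOS_VALUE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBios|VideoBios)", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)


def classify(op, path, dropped):
    """Yield the signature names one telemetry row satisfies.

    `dropped` is the set of lower-cased paths written earlier in the trace.
    """
    if op in REG_WRITE_OPS and WINLOGON.search(path):
        yield "Modifies WinLogon for persistence"
    if op in REG_WRITE_OPS and RUN_KEY.search(path):
        yield "Adds Run key to start application"
    if op == "RegQueryValue" and BIOS_VALUE.search(path):
        yield "Checks BIOS information in registry"
    if op == "RegQueryValue" and GEO_KEY.search(path):
        yield "Checks computer location settings"
    if op == "WriteFile" and SYSTEM32.match(path):
        yield "Drops file in System32 directory"
    if op == "Process Create" and path.lower() in dropped:
        yield "Executes dropped EXE"
    if op == "Load Image" and path.lower() in dropped:
        yield "Loads dropped DLL"


def triage(csv_text):
    """Map telemetry rows to signature names; returns {signature: [evidence]}.

    Rows are processed in order, so "dropped" means written earlier in the
    same trace; that is what separates a dropped EXE or DLL from a
    pre-existing one such as kernel32.dll.
    """
    hits = {}
    dropped = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path = row["Operation"], row["Path"]
        for name in classify(op, path, dropped):
            hits.setdefault(name, []).append(
                f'{row["Process Name"]}: {op} {path}')
        if op == "WriteFile":
            dropped.add(path.lower())
    return hits


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_LOG).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The dropped-file tracking is the part worth keeping when adapting this to real Sysmon or EDR data: a process launch or DLL load is only interesting here because the same trace shows the file being written first.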
