General

  • Target

    53d1f1a9d3709cf662eeb3a31ac65d17da82d7378bde20434f37f44fb34828de

  • Size

    482KB

  • Sample

    221011-laf9dafgd4

  • MD5

    62f3ec290a4439799bbfd62283db801c

  • SHA1

    ad32bfea862a3881eab78dd4fe63f04894f2c326

  • SHA256

    53d1f1a9d3709cf662eeb3a31ac65d17da82d7378bde20434f37f44fb34828de

  • SHA512

    de29cb271533ce259c206758273f3a5b4ad99fe1d07c9fe606e8a25c35472d128e85d6adef13f318fa719b8d2667cfe4bdfa8419d9a7823c13eb4f8e372f8d3e

  • SSDEEP

    12288:W8jg5H7m3gidtHuK6abHin1fZZhjY/iNIv/:fqSg4HinHWiiX

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks