General

  • Target: 98ecc7c23bb4b27412f8b4659771dfeb530cc7425f21ea68c3f9df0ea4d18575
  • Size: 724KB
  • Sample: 221014-l1995sadb6
  • MD5: 6c10e408fdf057db3fa5d8f9f585912d
  • SHA1: 54dc100fc6648d9e6f595afbd344a1ab1f4c0e31
  • SHA256: 98ecc7c23bb4b27412f8b4659771dfeb530cc7425f21ea68c3f9df0ea4d18575
  • SHA512: 256f2006f5a5760c86ea0febddef388cc07739570c59576994cafcc0eee94c15c59f8ba17cb78bf7837b336ce1e4ec823975b0177bffd718ca1b90f5bdf5474c
  • SSDEEP: 12288:oFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJk:I3nbWmJVJFwSddIXvfhqbiaxvRxq9G

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks