General

  • Target

    80a48e83af801ef33588f94439af3870c93a52210a2c9a660d86654942b83729

  • Size

    714KB

  • Sample

    221014-l2gzzsadc2

  • MD5

    7c400c5996859450798aace478ff5cc8

  • SHA1

    4323b2adc51a3a7884b40edc6fd9fdd12f1faa92

  • SHA256

    80a48e83af801ef33588f94439af3870c93a52210a2c9a660d86654942b83729

  • SHA512

    9977a28d78ac3ab68bfbddad3a2fded515aad9a955f515961589eadd3e4d0ad72461ebd085d7da7c66920648c152c2225e2de124aa8bf0f49c2e9fb6144e3fb3

  • SSDEEP

    12288:yaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdb:jAEENIq8XwyVPQclDq/+WnpsSb

Malware Config

Targets

    • Target

      80a48e83af801ef33588f94439af3870c93a52210a2c9a660d86654942b83729

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Changes values under the Winlogon registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, normally Userinit or Shell) so the payload is launched at every interactive logon, before or alongside the user's shell. A tampered Userinit value carries an extra comma-separated entry after the stock userinit.exe.

    • Executes dropped EXE

    • Checks BIOS information in registry

      Reads BIOS vendor and product strings from the registry. Malware commonly does this to detect sandboxes and virtual machines before unpacking or running its payload.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (refusing to run in some regions or running only in others).

    • Loads dropped DLL

    • Adds Run key to start application

      Adds a value under a Run key (HKCU or HKLM ...\Microsoft\Windows\CurrentVersion\Run) so the application starts at logon.

    • Drops file in System32 directory
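
As a worked example added for this report (not Triage's signature logic and not code from the sample), the following Python maps sandbox registry events to the behaviour signatures listed above and flags Userinit tampering. The key paths it matches (Winlogon, Run, HARDWARE\DESCRIPTION\System\BIOS, Control Panel\International\Geo) are assumptions about what each signature keys on, and the event list is constructed for the example, not observed from this sample.

```python
"""Map sandbox registry events to the behaviour signatures in this report.

Added example for this page, not Triage's own detection code. The registry
paths below are assumptions about what each signature keys on; adapt them to
your sandbox's event format before relying on them.
"""
import re
from collections import Counter

# Per signature: which operations count, which key paths (regex, matched
# case-insensitively against the full key path), and which value names (None
# means any value name under that key).
SIGNATURES = {
    "Modifies WinLogon for persistence": {
        "ops": {"set"},
        "keys": [r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$"],
        "values": {"userinit", "shell"},
    },
    "Adds Run key to start application": {
        "ops": {"set"},
        "keys": [r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$"],
        "values": None,
    },
    "Checks BIOS information in registry": {
        "ops": {"query"},
        "keys": [r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS$"],
        "values": None,
    },
    "Checks computer location settings": {
        "ops": {"query"},
        "keys": [r"\\Control Panel\\International\\Geo$"],
        "values": {"nation"},
    },
}

# Stock Userinit content on a default Windows install (assumption: lowercase,
# no trailing comma); anything else in the value is treated as an extra entry.
DEFAULT_USERINIT = {r"c:\windows\system32\userinit.exe"}


def classify(events):
    """Return (signature name, event) pairs for every event that matches."""
    hits = []
    for ev in events:
        for name, spec in SIGNATURES.items():
            if ev["op"] not in spec["ops"]:
                continue
            if not any(re.search(p, ev["key"], re.IGNORECASE) for p in spec["keys"]):
                continue
            wanted = spec["values"]
            if wanted is not None and ev.get("value", "").lower() not in wanted:
                continue
            hits.append((name, ev))
    return hits


def summarize(events):
    """Count matches per signature, the way a report's behaviour list does."""
    return Counter(name for name, _ in classify(events))


def winlogon_userinit_extra_entries(data):
    """Entries in a Userinit value beyond the stock userinit.exe (empty if clean)."""
    entries = [e.strip().lower() for e in data.split(",") if e.strip()]
    return [e for e in entries if e not in DEFAULT_USERINIT]


# Constructed sample events (not from the analysed sample). Paths are illustrative.
SAMPLE_EVENTS = [
    {"op": "query", "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "value": "SystemManufacturer"},
    {"op": "query", "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "value": "SystemProductName"},
    {"op": "query", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "set", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Windows\System32\dropped.exe"},
    {"op": "set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Windows\System32\dropped.exe"},
    # Benign noise: an Explorer setting write and a read-only Winlogon query.
    {"op": "set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": "2"},
    {"op": "query", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Shell"},
]


if __name__ == "__main__":
    for name, count in summarize(SAMPLE_EVENTS).items():
        print(f"{count}x {name}")
    for name, ev in classify(SAMPLE_EVENTS):
        if name.startswith("Modifies WinLogon") and ev["value"].lower() == "userinit":
            print("extra Userinit entries:", winlogon_userinit_extra_entries(ev["data"]))
```

Read-only queries of the Winlogon key are deliberately not treated as persistence; only a set on Userinit or Shell matches, which is what separates the signature from the ordinary reads Windows components perform.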

MITRE ATT&CK Enterprise v6

Tasks