General

  • Target

    47f5ecca202517a29dca4c43f003e79297fec8bd96f5963178c5216953f56969

  • Size

    687KB

  • Sample

    221014-l2l9psadc6

  • MD5

    630b245e22d47182fdaac215bf00eec0

  • SHA1

    1895c6c9342cc247de9e31ff481477290243e60a

  • SHA256

    47f5ecca202517a29dca4c43f003e79297fec8bd96f5963178c5216953f56969

  • SHA512

    4701c78af0d3d85ed366e4cebde76ec19f655544442230ed460ac6d51069c002b87086dff1a432f2ee31aa70d1173400b10541e0d8f0df126004f506b65ff829

  • SSDEEP

    12288:e6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhjh:jAmBpVKHu0Mu9Xo20VGLVP5

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and similar directory listings.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks