General

  • Target

    eddc596f4104f81270ec7442112a2fcb667308761c8520f2d6fdea11cfec97cd

  • Size

    741KB

  • Sample

    221014-l6892aafb8

  • MD5

    6464fa373e7ea56f30ef4d6ee115b103

  • SHA1

    f0af90c26526f35ff32a7256f11fc5540ff58625

  • SHA256

    eddc596f4104f81270ec7442112a2fcb667308761c8520f2d6fdea11cfec97cd

  • SHA512

    bae840c0fa8795c433f88878b4e12bb7cb1f18109b7c2ee27f911adc6df80bbfe97237315d63597d05d1a4c220b2c4132a08422985a797693e90449574c1e816

  • SSDEEP

    12288:EVgS5qr/ux5TP2JfkiUQ+IKwk6ebqLxGbSvLBEc1WlFLXjnGDuR5x:KgXkr2dMQ+nwkjOcE1W33nPJ

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
