General

  • Target

    85ab080597b47467ad4145a456c9cc85da9036a2892b7ebd06121f05c9dcb7ad

  • Size

    668KB

  • Sample

    221019-2a4mnsbbbq

  • MD5

    a13bb28a1775aacb5d648c0b4efada40

  • SHA1

    b97cc6e019a4a52e411eb1e75d349d18364bb0a0

  • SHA256

    85ab080597b47467ad4145a456c9cc85da9036a2892b7ebd06121f05c9dcb7ad

  • SHA512

    f770c55d7b933a27c1450c9b38fd988c9ccc82f6bd572fe81f3aa41202eeededcc193c2daa57b860fec28d062313cd9ea8244f9baff73bf5c3873500b3f8660b

  • SSDEEP

    12288:9hp8giY4D6Qk5riGBVZ6Oh5ZYOZ90xHPlbGPT0uRawf6yYVgxP+eyCgPdYq3NIX0:9X8gj4bk5r7VZ6s5ZFZ9YHPtGPouRn6d

Malware Config

Targets

    • Target

      85ab080597b47467ad4145a456c9cc85da9036a2892b7ebd06121f05c9dcb7ad

    • Size

      668KB

    • MD5

      a13bb28a1775aacb5d648c0b4efada40

    • SHA1

      b97cc6e019a4a52e411eb1e75d349d18364bb0a0

    • SHA256

      85ab080597b47467ad4145a456c9cc85da9036a2892b7ebd06121f05c9dcb7ad

    • SHA512

      f770c55d7b933a27c1450c9b38fd988c9ccc82f6bd572fe81f3aa41202eeededcc193c2daa57b860fec28d062313cd9ea8244f9baff73bf5c3873500b3f8660b

    • SSDEEP

      12288:9hp8giY4D6Qk5riGBVZ6Oh5ZYOZ90xHPlbGPT0uRawf6yYVgxP+eyCgPdYq3NIX0:9X8gj4bk5r7VZ6s5ZFZ9YHPtGPouRn6d

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks