General

  • Target

    6470000322a2c5410fb9fb0520847dc90ad6627c4e29d0ca22531cc0ce94cf6b

  • Size

    718KB

  • Sample

    221019-2m6mssbeh8

  • MD5

    922ce715400ecbdf2a60ee8bb6d3a830

  • SHA1

    599c329c9b14f5286fd8ad8b126d50384f588d07

  • SHA256

    6470000322a2c5410fb9fb0520847dc90ad6627c4e29d0ca22531cc0ce94cf6b

  • SHA512

    13c6c418792b8a61bb70f7f50ae5cd7e6f5e93860ec3ca1572aa664ac74e3a762533de2afdb2e511bdcd421f569956cf64839bdcd4c1eb8310393ce978d5ace5

  • SSDEEP

    12288:t+ha8wFCAUMXI80AmHccEkAary7VCpGTNzLn2WZ61geUQmcZn5NHM4F9617dT9G:t+SCA1aAwcrYGqKLjZCge/Tsf

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
