General

  • Target

    52e99ceab23db35b2202ec02cb720b84b437b2c32fc4ba379845c2030a3acacb

  • Size

    1.3MB

  • Sample

    221019-2t8qqsbhd3

  • MD5

    914affb249a0eea125548788c6bfeb5d

  • SHA1

    7036459895f5a836c62d298f46a714bd43306aec

  • SHA256

    52e99ceab23db35b2202ec02cb720b84b437b2c32fc4ba379845c2030a3acacb

  • SHA512

    f6cc8bc79dd09ba8c847aa95d603d97b8405681f6e8079316ef15e4cb49d026c3cf2c42ef5ce51afa52b30e442070ff30374c1ceacf3f79fa542f200dcdc2944

  • SSDEEP

    12288:do81UpsIiHBEXt8CQciRcLl6DD39uQ5OsrekFd9GdBQxTSWACuPJQhD6Nj7Hhhmv:sZcRAXDBfatJFN
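To confirm that a file obtained from another source is byte-for-byte the sample described by these hashes, recompute the four digests over it. The script below is an added example, not part of the original report or of the sandbox that produced it; the path handling and the placeholder bytes used in its self-check are assumptions. SSDEEP is not in the Python standard library, so the fuzzy hash is not verified here.

```python
"""Check a sample on disk against the digests in the report above.

Added example, not part of the original report or of the sandbox that
produced it. The file is read in chunks so a multi-megabyte sample never
has to fit in memory.
"""
import hashlib
import io
import sys

# Digest values copied from the report; the sample itself is not included.
REPORT_HASHES = {
    "md5": "914affb249a0eea125548788c6bfeb5d",
    "sha1": "7036459895f5a836c62d298f46a714bd43306aec",
    "sha256": "52e99ceab23db35b2202ec02cb720b84b437b2c32fc4ba379845c2030a3acacb",
    "sha512": "f6cc8bc79dd09ba8c847aa95d603d97b8405681f6e8079316ef15e4cb49d026c3cf2c42ef5ce51afa52b30e442070ff30374c1ceacf3f79fa542f200dcdc2944",
}


def compute_digests(stream, chunk_size=1 << 16):
    """Run all four hashers over a binary stream in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_digests_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return compute_digests(io.BytesIO(data))


def find_mismatches(stream, expected=REPORT_HASHES):
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means the stream is byte-for-byte the reported sample.
    A partial mismatch (only one algorithm differing) points at a typo in
    the report rather than at a different file.
    """
    actual = compute_digests(stream)
    return {
        name: (expected[name].lower(), actual[name])
        for name in expected
        if expected[name].lower() != actual[name]
    }


def find_mismatches_bytes(data, expected=REPORT_HASHES):
    return find_mismatches(io.BytesIO(data), expected)


def check_file(path, expected=REPORT_HASHES):
    """Open a file (path is supplied by the caller) and compare it to the report."""
    with open(path, "rb") as f:
        return find_mismatches(f, expected)


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-sample>
    bad = check_file(sys.argv[1])
    if not bad:
        print("all digests match the report")
    for name, (want, got) in bad.items():
        print(f"{name}: report {want} != file {got}")
    sys.exit(1 if bad else 0)
```

Run it against the file you were handed before doing any further analysis; a result that disagrees on every algorithm means you have a different file, a result that disagrees on one means the report value is wrong.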

Malware Config

Targets

    • Target

      52e99ceab23db35b2202ec02cb720b84b437b2c32fc4ba379845c2030a3acacb

    • Size

      1.3MB

    • MD5

      914affb249a0eea125548788c6bfeb5d

    • SHA1

      7036459895f5a836c62d298f46a714bd43306aec

    • SHA256

      52e99ceab23db35b2202ec02cb720b84b437b2c32fc4ba379845c2030a3acacb

    • SHA512

      f6cc8bc79dd09ba8c847aa95d603d97b8405681f6e8079316ef15e4cb49d026c3cf2c42ef5ce51afa52b30e442070ff30374c1ceacf3f79fa542f200dcdc2944

    • SSDEEP

      12288:do81UpsIiHBEXt8CQciRcLl6DD39uQ5OsrekFd9GdBQxTSWACuPJQhD6Nj7Hhhmv:sZcRAXDBfatJFN

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). Development stopped in 2012, but the freely distributed builder means new samples, usually wrapped in a crypter, keep appearing.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments: the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System carry vendor strings such as VMware, VBOX or QEMU on virtual machines that have not been hardened.

    • Loads dropped DLL

    • Adds Run key to start application

      A value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run relaunches the dropped executable at every logon, the usual DarkComet persistence mechanism.

    • Suspicious use of SetThreadContext

      SetThreadContext on the main thread of a process created suspended is the step in process hollowing (RunPE) that redirects execution to an injected payload; the crypters that DarkComet builds are commonly wrapped in rely on it.
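The signatures above are what the sandbox derives from the sample's API calls. As an added example that is not code from the sandbox, from the report, or from the sample, the following toy matcher fires exactly these five signature names from a hand-built trace: the event format (pid, API name, argument dict), the API and argument names, the rule thresholds and the trace itself are all assumptions.

```python
"""Toy behavioural-signature matcher over a sandbox API-call trace.

Added example, not code from the sandbox that produced the report above.
The event format and the rules are assumptions; the trace below is
constructed by hand and was not captured from the sample.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by process hollowing
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Constructed trace (not from the real sample): process 1000 drops an EXE and
# a DLL, fingerprints the BIOS and launches the drop; the child (1001) loads
# the DLL, persists via a Run value, then hollows a suspended notepad.exe.
TRACE = [
    (1000, "NtCreateFile", {"path": r"C:\Users\Admin\AppData\Roaming\svchost.exe", "write": True}),
    (1000, "NtCreateFile", {"path": r"C:\Users\Admin\AppData\Roaming\helper.dll", "write": True}),
    (1000, "RegQueryValueExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"}),
    (1000, "CreateProcessW", {"image": r"C:\Users\Admin\AppData\Roaming\svchost.exe", "flags": 0}),
    (1001, "LoadLibraryW", {"path": r"C:\Users\Admin\AppData\Roaming\helper.dll"}),
    (1001, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                              "value": "MicroUpdate",
                              "data": r"C:\Users\Admin\AppData\Roaming\svchost.exe"}),
    (1001, "CreateProcessW", {"image": r"C:\Windows\System32\notepad.exe", "flags": CREATE_SUSPENDED}),
    (1001, "NtUnmapViewOfSection", {}),
    (1001, "WriteProcessMemory", {}),
    (1001, "SetThreadContext", {}),
    (1001, "NtResumeThread", {}),
]


def match_signatures(trace):
    """Return the signature names fired by a trace, in first-hit order."""
    dropped = set()                   # lower-cased paths the sample wrote to disk
    hollow_stage = defaultdict(int)   # per pid: 1 = suspended child, 2 = memory written
    hits = []

    def fire(name):
        if name not in hits:
            hits.append(name)

    for pid, api, args in trace:
        if api == "NtCreateFile" and args.get("write"):
            dropped.add(args["path"].lower())
        elif api == "CreateProcessW":
            if args["image"].lower() in dropped:
                fire("Executes dropped EXE")
            if args.get("flags", 0) & CREATE_SUSPENDED:
                hollow_stage[pid] = 1
        elif api == "LoadLibraryW" and args["path"].lower() in dropped:
            fire("Loads dropped DLL")
        elif api == "RegQueryValueExW":
            if args["key"].upper() == BIOS_KEY and args["value"].lower() in BIOS_VALUES:
                fire("Checks BIOS information in registry")
        elif api == "RegSetValueExW" and RUN_KEY.search(args["key"]):
            fire("Adds Run key to start application")
        elif api == "WriteProcessMemory" and hollow_stage[pid] == 1:
            hollow_stage[pid] = 2
        elif api == "SetThreadContext" and hollow_stage[pid] == 2:
            # A lone SetThreadContext (debuggers, some installers) is not enough:
            # require the suspended-create -> write -> set-context ordering.
            fire("Suspicious use of SetThreadContext")
    return hits


if __name__ == "__main__":
    for name in match_signatures(TRACE):
        print(name)
```

The SetThreadContext rule is stateful on purpose: the API is legitimate on its own, and only the ordering with a suspended child and a cross-process write makes it the hollowing pattern the report flags.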

MITRE ATT&CK Enterprise v6

Tasks