darkcomet | a5ce0806995a529a70a009333393f2bc6b487d957cacd4bd2d3e2f997e7cfd39 | Triage

Sharing

General

Target

a5ce0806995a529a70a009333393f2bc6b487d957cacd4bd2d3e2f997e7cfd39
Size

893KB
Sample

221203-thysdsed37
MD5

50adf141d9b921d22c50dfdb202d4544
SHA1

e27835cd542d5c6d550f00efb7c2e25f5e791835
SHA256

a5ce0806995a529a70a009333393f2bc6b487d957cacd4bd2d3e2f997e7cfd39
SHA512

588e19228190b0d1f5b632df686bd26e78731dcb0472f1f46c2b3d0d9fd0c8537a0187ce3ff4f1d9a016e72bbaf335a11a149d32d4ed37d91a726320ea366272
SSDEEP

12288:Wzj0D9bO3rTtg3xNGNboQtCyGOy9IAGNmt187tZp9oe1aKNvETo+johds7barLGb:WWTKMQtCypy9IvmAro8+Ehds7ULh6J

Score

10^/10

darkcomet

Malware Config

Targets

- Target
  
  a5ce0806995a529a70a009333393f2bc6b487d957cacd4bd2d3e2f997e7cfd39
- Size
  
  893KB
- MD5
  
  50adf141d9b921d22c50dfdb202d4544
- SHA1
  
  e27835cd542d5c6d550f00efb7c2e25f5e791835
- SHA256
  
  a5ce0806995a529a70a009333393f2bc6b487d957cacd4bd2d3e2f997e7cfd39
- SHA512
  
  588e19228190b0d1f5b632df686bd26e78731dcb0472f1f46c2b3d0d9fd0c8537a0187ce3ff4f1d9a016e72bbaf335a11a149d32d4ed37d91a726320ea366272
- SSDEEP
  
  12288:Wzj0D9bO3rTtg3xNGNboQtCyGOy9IAGNmt187tZp9oe1aKNvETo+johds7barLGb:WWTKMQtCypy9IvmAro8+Ehds7ULh6J
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2