General

  • Target

    b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

  • Size

    3.3MB

  • Sample

    221205-hcdz9adg24

  • MD5

    4c8104511d3397cc60a289802fef826c

  • SHA1

    beed9b44d8556122407c4e2c23300615d57a1a77

  • SHA256

    b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

  • SHA512

    6292101dce13cc1eea4038a4aa10853eef3fa37783932f45c4fb2c6da191bc0de53550568e49407208abd8645fc4e5a4ea3c56b361822771823f6507c99aa219

  • SSDEEP

    98304:3ZccpCPWe6/IL/zqLJIEsHtEgfylQ+e63gFPtmGppT:3ZccpCPK/EzqLJxoyYbP7

Malware Config

Targets

    • Target

      b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

    • Size

      3.3MB

    • MD5

      4c8104511d3397cc60a289802fef826c

    • SHA1

      beed9b44d8556122407c4e2c23300615d57a1a77

    • SHA256

      b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

    • SHA512

      6292101dce13cc1eea4038a4aa10853eef3fa37783932f45c4fb2c6da191bc0de53550568e49407208abd8645fc4e5a4ea3c56b361822771823f6507c99aa219

    • SSDEEP

      98304:3ZccpCPWe6/IL/zqLJIEsHtEgfylQ+e63gFPtmGppT:3ZccpCPK/EzqLJxoyYbP7

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
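The persistence and geofence signatures above are behavioural rules matched against registry activity. The block below is an added example (not part of this report and not the sandbox's own detection code) that maps a constructed API-trace of registry calls to the same three signatures: Winlogon `Shell`/`Userinit` writes, `Run`/`RunOnce` value writes, and reads of `Control Panel\International\Geo\Nation` (the value `GetUserGeoID` consults). The trace format, process names and file paths are invented for the example; the assumption that these are the registry locations behind each signature is the standard one but is not stated on the page. It also adds the check a practitioner wants when reviewing a "Modifies WinLogon" hit: whether the written data actually differs from the Windows default, since a write that restates the default is noise.

```python
"""Map registry API calls from a sandbox trace to the report's signatures.

Added example; not the report's or the sandbox's own code. The trace format
(tab-separated 'process, api, path[, data]') and the sample lines are
constructed for illustration.
"""
import re
from typing import Dict, List, NamedTuple


class RegEvent(NamedTuple):
    process: str
    api: str    # e.g. RegSetValueExW, RegQueryValueExW
    path: str   # full key path ending in the value name
    data: str   # value data for writes, "" for reads


# Assumption: these are the registry locations behind each signature.
SET_APIS = {"RegSetValueExA", "RegSetValueExW", "NtSetValueKey"}
QUERY_APIS = {"RegQueryValueExA", "RegQueryValueExW", "NtQueryValueKey"}
RULES = {
    "Modifies WinLogon for persistence": (
        SET_APIS,
        re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I),
    ),
    "Adds Run key to start application": (
        SET_APIS,
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
    ),
    "Checks computer location settings": (
        QUERY_APIS,
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
}

# Default Winlogon values on a clean Windows install (lower-cased, trailing comma stripped).
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# Constructed sample trace; process and file names are placeholders.
SAMPLE_TRACE = "\n".join([
    "# process\tapi\tpath\tdata",
    "payload.exe\tRegQueryValueExW\tHKCU\\Control Panel\\International\\Geo\\Nation",
    "payload.exe\tRegSetValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit"
    "\tC:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\payload.exe",
    "payload.exe\tRegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "\tC:\\Users\\Public\\payload.exe",
    "explorer.exe\tRegQueryValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
    "setup.exe\tRegSetValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
    "\texplorer.exe",
])


def parse_trace(text: str) -> List[RegEvent]:
    """Parse the constructed tab-separated trace; blank and '#' lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 3:
            continue
        data = parts[3] if len(parts) > 3 else ""
        events.append(RegEvent(parts[0], parts[1], parts[2], data))
    return events


def match_signatures(events: List[RegEvent]) -> Dict[str, List[RegEvent]]:
    """Return every event that satisfies a rule, grouped by signature name."""
    hits: Dict[str, List[RegEvent]] = {}
    for ev in events:
        for name, (apis, pattern) in RULES.items():
            if ev.api in apis and pattern.search(ev.path):
                hits.setdefault(name, []).append(ev)
    return hits


def winlogon_is_tampered(ev: RegEvent) -> bool:
    """True when a Winlogon Shell/Userinit write differs from the Windows default."""
    value_name = ev.path.rsplit("\\", 1)[-1].lower()
    data = ev.data.strip().rstrip(",").lower()
    return data not in WINLOGON_DEFAULTS.get(value_name, set())


def summarize(text: str) -> Dict[str, List[str]]:
    """Signature name -> sorted list of processes that triggered it."""
    hits = match_signatures(parse_trace(text))
    return {name: sorted({e.process for e in evs}) for name, evs in hits.items()}


if __name__ == "__main__":
    for name, evs in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for e in evs:
            note = "  [non-default]" if name.startswith("Modifies") and winlogon_is_tampered(e) else ""
            print(f"  {e.process}: {e.api} {e.path} {e.data}{note}")
```

On the sample trace the Winlogon rule fires twice, but only the `Userinit` write by `payload.exe` carries a non-default value; `setup.exe` rewriting `Shell` as `explorer.exe` is the kind of hit that should be deprioritised rather than reported as persistence.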

MITRE ATT&CK Enterprise v6

Tasks