General

  • Target

    64ba486ae1f23f8489ee6f3c1b11d3fa

  • Size

    814KB

  • Sample

    240118-hd24gaeddn

  • MD5

    64ba486ae1f23f8489ee6f3c1b11d3fa

  • SHA1

    75db0303449b17bf62b252778466eef06fbd45c4

  • SHA256

    e10800aacba690b6595767a910d5a590c2d57838c67fac3748de0a4562e8dfa1

  • SHA512

    f8eea8df2eb826ef1cb7e1309293e2662f036007ba55ad9aeea87ef2f2aaedbc88ec0b6f1fca63ea838c6748c7ab324d50b02b967eb0518f7738a70fbd6f1fff

  • SSDEEP

    24576:Z+rX0Y3ymYnZqW7Gio+2LZZspZ01mTI+PI:kz0gbYZqW6HXZWZ0kM+PI

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) written by Jean-Pierre Lesueur (DarkCoderSc). Its author stopped development in 2012, but leaked and cracked builds remain in wide circulation.

    • Modifies WinLogon for persistence

      Typically done by appending the dropped executable to the Userinit or Shell value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, so it is launched at every interactive logon before the desktop appears.

    • Checks BIOS information in registry

      BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) are often read to detect sandboxing or virtualisation: values containing markers such as VBOX, VMware or QEMU cause many samples to exit before running their payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      A value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run pointing at the dropped executable; the same binary is usually referenced by both this key and the Winlogon modification.
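
The three registry-based behaviours above (Winlogon hijack, Run key, BIOS check) can be triaged from a registry export of the infected host. The following is an added example, not part of this report or of any sandbox's own code: it parses a constructed .reg fragment (the paths, value names such as MicroUpdate and C:\Users\Public\svchost.exe, and BIOS strings are invented for illustration), flags Winlogon values that launch anything other than the stock userinit.exe/explorer.exe, lists Run/RunOnce entries, and reports whether the BIOS strings would trip a typical VM-marker check of the kind this sample performs. It assumes single-line .reg values (no backslash-continued hex lines).

```python
import re
from typing import Dict, List, Tuple

# Constructed .reg export fragment (not from the report). It contains a hijacked
# Winlogon Userinit value, a Run key entry for a dropped EXE, and BIOS strings
# typical of a VirtualBox guest.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroUpdate"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"SystemBiosVersion"=hex(7):56,00,42,00,4f,00,58,00,20,00,2d,00,20,00,31,00,00,00,00,00
"VideoBiosVersion"="Oracle VM VirtualBox VBE Adapter"
"""

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Stock programs each Winlogon value is allowed to launch; anything else is a finding.
WINLOGON_DEFAULTS = {"Shell": {"explorer.exe"}, "Userinit": {"userinit.exe"}}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
BIOS_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"
# Substrings commonly used by malware to recognise a virtualised host.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "xen", "bochs", "parallels", "virtual")


def _decode_value(raw: str) -> str:
    """Decode a REG_SZ ("...") or single-line hex(7) REG_MULTI_SZ value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r"^hex\(\d+\):(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        # REG_MULTI_SZ is UTF-16LE with NUL separators; join entries with '|'.
        return data.decode("utf-16-le").rstrip("\x00").replace("\x00", "|")
    return raw  # dword:/other types are left as-is; not needed for these checks


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)  # default (@=) values are skipped
        if m and current is not None:
            keys[current][m.group(1)] = _decode_value(m.group(2))
    return keys


def winlogon_findings(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Entries in Shell/Userinit whose basename is not the stock program."""
    findings = []
    for name, allowed in WINLOGON_DEFAULTS.items():
        value = keys.get(WINLOGON_KEY, {}).get(name)
        if value is None:
            continue
        for entry in (e.strip() for e in value.split(",") if e.strip()):
            if entry.rsplit("\\", 1)[-1].lower() not in allowed:
                findings.append((name, entry))
    return findings


def run_key_entries(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Every (key, value name, command) under any Run or RunOnce key."""
    return [(key, name, cmd) for key, values in keys.items()
            if RUN_KEY_RE.search(key) for name, cmd in values.items()]


def bios_vm_markers(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """BIOS values that a VM-marker check like this sample's would flag."""
    hits = []
    for name in ("SystemBiosVersion", "VideoBiosVersion"):
        value = keys.get(BIOS_KEY, {}).get(name, "").lower()
        for marker in VM_MARKERS:
            if marker in value:
                hits.append((name, marker))
                break
    return hits


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    print("Winlogon:", winlogon_findings(parsed))
    print("Run keys:", run_key_entries(parsed))
    print("BIOS VM markers:", bios_vm_markers(parsed))
```

On a real export (`reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon winlogon.reg`, exported as Unicode) the same functions apply after decoding the file from UTF-16. A BIOS hit does not indicate infection; it tells you the sandbox is fingerprintable and explains why a sample may have stayed idle during detonation.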

MITRE ATT&CK Enterprise v15
