General

  • Target

    65a6e82237151f623b03ab3791c5767d

  • Size

    765KB

  • Sample

    240118-wef5aaeean

  • MD5

    65a6e82237151f623b03ab3791c5767d

  • SHA1

    ec9dbdd6bd941257f197da0ba6421d79af6da618

  • SHA256

    e9645314b2c109b7a990f521f949e1b9da833c1760010106670b028600a9ffca

  • SHA512

    726dfe101f73de9ea85f2d3d87d56775ed4fc0a50aa4ae630c57e4228902bd1032ab652fef666ed41741ac8b0f0aadfdde22b9d6abece1a39251f42373a3da02

  • SSDEEP

    12288:cfbh3edoSdPDze9LBApPsKNoeP313umLcUmyqC+N/jXI0j:GR8oYzS12PVaA3LLRHqC+ljX

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
