General

  • Target

    68aea9b1f4605cd58556c62ec72f1f36

  • Size

    648KB

  • Sample

    240119-1cqm6aeec4

  • MD5

    68aea9b1f4605cd58556c62ec72f1f36

  • SHA1

    1d5335563e6fb99d8656016f78dbad42503cf838

  • SHA256

    2c518676f1c6d40841ba7669bddc5ce8e25f6d7cb8ec1598563e46a73b580923

  • SHA512

    38e39e331481f06eb9ecaa55fdcab0dbbd1c99818ee658fd92e277273a45476ac071b46f4bbab4ae94e00baeff711f9ad69370128433f7824fc5552b1362f995

  • SSDEEP

    12288:g6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhK:lAmBpVKHu0Mu9Xo20VGLVP5K

Targets

    • Target

      68aea9b1f4605cd58556c62ec72f1f36

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
