General

  • Target

    68db2fb01597696c3171961a570371f9

  • Size

    372KB

  • Sample

    240119-2z255sffg8

  • MD5

    68db2fb01597696c3171961a570371f9

  • SHA1

    f984f85e817c6f9c3a2ca1757f91b48faf21fff9

  • SHA256

    4ad1ccf1ad1dcb7231f96c8b0e2ac959eecfb92b9b7db80b5cee8edcf9c93d7b

  • SHA512

    eb334bcb86028f2394c06667cb601826a24ad76d2ed7fbf0ee8b8b3e7886e813eb914f0227331a3248720860e8a47b6c8ed293cedb01579f9cf8e834dc140be6

  • SSDEEP

    6144:fhPzIod4Oe5bqWtDtokamouVw7bRqyK/V2Yle25i8RSYrRJiQ6et2lqEiL:pLFkpVGbRqyc4z25i8RSm/iQn

Score
10/10

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext
