General

  • Target

    66a8bacfbd27ad1b7b3a0e995044ed2c

  • Size

    410KB

  • Sample

    240119-eqxsqseeeq

  • MD5

    66a8bacfbd27ad1b7b3a0e995044ed2c

  • SHA1

    5ca47b32b5d2074728870c55ff80650c02afbe29

  • SHA256

    667f1deac8dcc1eec84a25f658dc279bc3b5b0286e39f8662e1e6d285d2db808

  • SHA512

    fc8454cb7769a76db295da2a088cb9ae187b72c396bf5f9afcf9c2064e5fcaebec800d583dba77f2df7123ed5ed65467de1512be19977add318efd7b1defefa5

  • SSDEEP

    6144:iDGb4OFRCo5K6aC5dQdok85pwHI5VMSb1WoUkyQ3uqb7a+QBxRgnjCnuKQqAoH9r:Us7FooYk/QKWHmMSb1Br7PQB9/A3KCs

Score
10/10

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext
