General

  • Target

    6774bacc7c51f9d0867614bf71c5189c

  • Size

    780KB

  • Sample

    240119-m327zsdca4

  • MD5

    6774bacc7c51f9d0867614bf71c5189c

  • SHA1

    245dc52cabf12eba2b5eb49982389516365c7467

  • SHA256

    b7da4b64f54a719af82cef6f8c277fc32b61e36595f91ddb567dcff8f5a31b55

  • SHA512

    8f28d805f965900d2c4632eb835826b04432918d2fe1e788372a4460bd9e5ee8fdf59fff63a0a218a4b529426765668ca41face59a54e3f371e15998e0b5c3e6

  • SSDEEP

    24576:1lsLARLnwUueHwkvLiebFiWiUE65mbNfF60d4laeoc:XQARwxeQkvLieb9iUlcE0yoc

Malware Config

Targets

    • Target

      6774bacc7c51f9d0867614bf71c5189c

    • Size

      780KB

    • MD5

      6774bacc7c51f9d0867614bf71c5189c

    • SHA1

      245dc52cabf12eba2b5eb49982389516365c7467

    • SHA256

      b7da4b64f54a719af82cef6f8c277fc32b61e36595f91ddb567dcff8f5a31b55

    • SHA512

      8f28d805f965900d2c4632eb835826b04432918d2fe1e788372a4460bd9e5ee8fdf59fff63a0a218a4b529426765668ca41face59a54e3f371e15998e0b5c3e6

    • SSDEEP

      24576:1lsLARLnwUueHwkvLiebFiWiUE65mbNfF60d4laeoc:XQARwxeQkvLieb9iUlcE0yoc

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Windows security bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks