General

  • Target

    6c43e7a9c4152f2dff5ead7e60deb9aa

  • Size

    274KB

  • Sample

    240121-d9wt4seaap

  • MD5

    6c43e7a9c4152f2dff5ead7e60deb9aa

  • SHA1

    9ed84cc302ffb5d05132d6d6cb095c3bf726ecfa

  • SHA256

    23be7156029f11989e77e9a1e836029ae196d0f06578b1b630b2fa691e736706

  • SHA512

    4be7f0abd7c21575761d922f65f9508ad6a965b26daebb97d6d1f78de6d29b03825de7060f03dde029e37009e2d0c4953f31308d820dd5c7630e693d738b886a

  • SSDEEP

    6144:W1iJcYtR1HsvpSHY7KoSrfTNBuzZZcA1wnOLrMM40FY:WkHcpSHY7VSrfT2/czO3HzFY

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Windows security modification

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
