General

  • Target

    6c2ac089dca51eb4644c5351b2edd105

  • Size

    744KB

  • Sample

    240121-dcjhhsdcel

  • MD5

    6c2ac089dca51eb4644c5351b2edd105

  • SHA1

    bb2c6f32bb695ac4ba6cdc7763249d0aaf213c0c

  • SHA256

    f558a0e74bb7f327817b24d824f4d9b75ac0e6d5a909c21bc96119cac5df1af8

  • SHA512

    6691b19f0a4e84faaaa0c7ff7163a66865e543782487ead8899b521a4a88d095008533dbc2886515f2320a47f647c60967f2674735abcfff333a145419d82996

  • SSDEEP

    12288:1yo9KMChh7tNWGlKtr1/N9wnqM24djah3CWkaQwNWy+Q:1yosZ13W4usn1djwkaQLy+Q

Targets

    • DarkComet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
