General

  • Target

    6cbac8439d8f906f2db881bb93f3a903

  • Size

    324KB

  • Sample

    240121-je6cyshce9

  • MD5

    6cbac8439d8f906f2db881bb93f3a903

  • SHA1

    fb71ae302a75547aa646f10d87d0116eafec7f38

  • SHA256

    03388690dad6e9160457659c21f24cedba230f53c007ad4c62d4773780e1eac4

  • SHA512

    24e37e048e17b9c18671bb435f4bd8fd6185db7cf01e0b24f63dca6ae44f61fcb575f115fbeac35ca5c10d0f43b4db058b249a8e6fa627c623e8722ddaf45919

  • SSDEEP

    6144:Vva/giBihpLigYEwGUyLiyLguCRZbxMwXSmd95fy4MdqmzO5:VSYzOgYEwGUyLidumVRBMr0

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks