General

  • Target

    6d48bd0bdd9bb1bacd680fd240f4ecf0

  • Size

    1.2MB

  • Sample

    240121-pel7zacefj

  • MD5

    6d48bd0bdd9bb1bacd680fd240f4ecf0

  • SHA1

    23c95c2332497b905ed619ad79118b31a671d74a

  • SHA256

    f85e2c78d57c70f2f1f090bda82623cdff0b20c8c77a81b86db605e1dee376f5

  • SHA512

    a945eb7bebf700a1870afeed2532bf869932002312b8b5bf71be033014a57ab28a835b54e1b7730f30435c862a5fd26c2ed7d6fab09f6489c311a30d05fa0dc8

  • SSDEEP

    24576:j+9EX3CkF1w8T1+J86F/uq3Mo6ZYoatEOKfXt:S9z2W8T1+J86F/FgrxX

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks