General

  • Target

    6d7c731b294da4bbc978c3d28774cbcc

  • Size

    1.1MB

  • Sample

    240121-t1lwjsedam

  • MD5

    6d7c731b294da4bbc978c3d28774cbcc

  • SHA1

    c8b691ff4a394e60f80563b6beaa9336c6cbec86

  • SHA256

    04a6c44d974b8ad8b58936d0481b60c09dca8c351404c3002381f96332f20781

  • SHA512

    7ee124fcad0f991c8ddc0be19f64adb0e724f86d9aee0961415bbe76ff5f8f0a39848cbe1971c67e2b70a155387a8ba1a607bac37c993f59e4f0564b8fc3cf4d

  • SSDEEP

    24576:T/1vN+s4DcoORNsZ+31RoJ6fyD0QZh9u:JV++pvsw0o

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
