General

  • Target

    6db876b4a6c3313ace234e2de5c548af

  • Size

    638KB

  • Sample

    240121-w4wk9sgdg6

  • MD5

    6db876b4a6c3313ace234e2de5c548af

  • SHA1

    dcc39be1d786f3a9f114e5a1b388420e64e11f35

  • SHA256

    de7128bcf6a537312537173ecfc115a8e36417c1667674db3736edf3e15fd971

  • SHA512

    a7b342f0e4d81514f1e8a0a8d9ca4fed879960f683db8ed5ed9c227d88eedba4110cd0c2a2d4581df84109863e65778a50569d60af3beced83cc2a142c32eaa5

  • SSDEEP

    12288:ypwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/:swAcu99lPzvxP+Bsz2XjWTRMQckkIXn

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
