General

  • Target

    6f7e9bb019bf62ddb95a4626d79e24b2

  • Size

    756KB

  • Sample

    240122-m16gmaeffm

  • MD5

    6f7e9bb019bf62ddb95a4626d79e24b2

  • SHA1

    64589f7f8c767a350ebc661a7d5ee6f345e42817

  • SHA256

    7cc9990ee860ee75b2a97b74902b1271a24448700a921f098d24de631398141a

  • SHA512

    97a29ef930460451fc505b4b81890af985e130f826ff8f068f59edb38bd79305c9ec32e9dbc658dd7e610c3269d92ab3b89435a144d863f4753af20bdc0bc110

  • SSDEEP

    12288:l9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKFqMd0QZh9u:DAQ6Zx9cxTmOrucTIEFSpOGkD0QZh9u

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Windows security modification

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks