General

  • Target: 6f6da99e6e13bb7b1f15c5b0dfeed251
  • Size: 920KB
  • Sample: 240122-megldaeef7
  • MD5: 6f6da99e6e13bb7b1f15c5b0dfeed251
  • SHA1: 046c5c1e3707d49a59320b5497cf178b52cc3442
  • SHA256: 80cc797c50a5f855d0505d33dfdf329de205fa1c19b4d03f787d0d4e8a8e7502
  • SHA512: f56c5d061e01a6b807b72839000424f797e5d8f35534f2eb1cc8b41735b4e9a96b2e27e8a3cb31d3b3b49d30d70a7f3fcfa5ab32dbd7a297aef43c95f8a6cfd7
  • SSDEEP: 24576:iwApu99lPzvxP+Bsz2XjWTRMQckkIXGD0QZh9u:dApIzpP+hickkIp

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • Windows security bypass
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks