General

  • Target

    9da39e88fa0e1e5afc1306cc0a5790b2

  • Size

    985KB

  • Sample

    240215-l97wdaef85

  • MD5

    9da39e88fa0e1e5afc1306cc0a5790b2

  • SHA1

    31c391c0c7dc1b49a7d2e64af55af4c7574ecbcf

  • SHA256

    4c66dc4794938240922aecf53453ca80dc62f2631250a3f4c1b2d19ca6417f7c

  • SHA512

    77b0c081b3ec8f74efe1925d65ce7f8ea2301539783b2778c4b1a74c53f2eb9a4f45824134f7033fe9d14ff26c04e5e35792c83581ffcd94f00f8ae8f511f083

  • SSDEEP

    24576:+MOmUg9nZBRi4WEYhPATcKAaNyZkQrImWtaR:+FmLRMPeuZZWt

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks