General

  • Target

    9f001690d5bafec945352cc793e0218b

  • Size

    1.3MB

  • Sample

    240216-a4gapade58

  • MD5

    9f001690d5bafec945352cc793e0218b

  • SHA1

    49e63a3a3c18f069c2f19924387ea7d70002c368

  • SHA256

    9cfa765246b692b8c868a71b8ab069313f14934487be4b73445341e9791f9214

  • SHA512

    9e4e91d22e7996118b18f4d8683734fb3b8101a91ff628db9b8c757dcb04252d1ca28c0b93fb6665a93c98503b2d4f3aeef44b75ffc1e8798b65d2ad598f2449

  • SSDEEP

    24576:eSDlhY3WHL7CVhNQqQ33Kj7aXBbE0jiaCt5h6fpW:e4bQYXFZpu1e

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account information.

MITRE ATT&CK Enterprise v15

Tasks