General

  • Target

    9f7c7417892038d37bd99bd4e83e2a56

  • Size

    985KB

  • Sample

    240216-fhw2xahh3s

  • MD5

    9f7c7417892038d37bd99bd4e83e2a56

  • SHA1

    2f41a5920bbd1456ad294d6ee71e77a51ecbd93a

  • SHA256

    06b58ac6d8483c0a672fad126b4fa634d1d7dac3aba1907cb5ccc817695f38ea

  • SHA512

    d1e2003e95f25854b3b4978f369a2e884322779b4ce22a388b8c3a30110802a6a908e2b7fab34a2502a99bb49a8d9c991884db11b855ac9b687019d15210ba54

  • SSDEEP

    24576:Q3nbWmJVJFwSddIXvfhqbiaxvRxq9LeY80d:mamdZdcBYS9N

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application
