General

  • Target

    a000d7e7ef9c1a618c637af55d34eb5b

  • Size

    848KB

  • Sample

    240216-k8ggcsfg28

  • MD5

    a000d7e7ef9c1a618c637af55d34eb5b

  • SHA1

    554dd684a37d8a56391d7e0660d598a28f01c1b8

  • SHA256

    15617bf15fa1f38e13a5159852f73c618adc1aef96d888da4720409d4fa14985

  • SHA512

    f293550f58ea9f220e644ef4f90e740569c4a85e929694fc6e446504ef797d641403449249bbaf9e9028749408c5cd13f8df053fcdab9bc1c1a45f1f54fa8639

  • SSDEEP

    24576:b5gYwQeG01TMrzplscGzmfgHjR5BjMbOQzgb6sEX:b5+QeL1TMrFlHGzmfWZMZEbZ

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
