General

  • Target

    a40f9507194d74cc995233ecae3f4ede

  • Size

    820KB

  • Sample

    240225-r7dgmseh7z

  • MD5

    a40f9507194d74cc995233ecae3f4ede

  • SHA1

    374f8e7a303ef0b543855ecef3fa2fa0ef02cf3c

  • SHA256

    55db845c013b875a59da9c6c15c718d449c7198789a3ff237ef1e2736b581db5

  • SHA512

    c91b00e283546537cf7053875ea98fb7e1f9a2248500b1b3cef283dcd81ed1ba18e4bb92b78a9e7114550e0de5de57408a650bfc7685d9f9e132331c7ea35d42

  • SSDEEP

    24576:f3nbWmJVJFwSddIXvfhqbiaxvRFqLD0QZh9u:famdZdcBYD

Malware Config

Targets

    • Target

      a40f9507194d74cc995233ecae3f4ede

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks