General

  • Target

    a41431099989b44359273216072f8295

  • Size

    732KB

  • Sample

    240225-scea5aeb78

  • MD5

    a41431099989b44359273216072f8295

  • SHA1

    2305142ed64ee41518ee0e0391723d316d9731bd

  • SHA256

    411c69fb7d314fc4459925b38828f0fc88ac4a176a73959f629d573aa93c7349

  • SHA512

    9d455d178860baeb49b73df4a306cd6fbfb472d30ee80478e3eaaabdfe4d4cf26c74785dbeafdd889337ab9fa37e3baec3cbc690e9f7790f8bd0e2789f7cb610

  • SSDEEP

    12288:8pwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/4:GwAcu99lPzvxP+Bsz2XjWTRMQckkIXnw

Malware Config

Targets

    • Target

      a41431099989b44359273216072f8295

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur. It gives an operator full remote control of the infected host, including keylogging, file transfer, webcam and microphone capture, and a remote shell.

    • Modifies WinLogon for persistence

      The Shell or Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is typically altered so the implant is launched at every interactive logon, in addition to the Run key noted below.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments. This signature typically fires on reads of HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion and VideoBiosVersion, whose values are compared against strings that identify common hypervisors (for example VBOX, VMWARE or QEMU).

    • Adds Run key to start application

      A value is written under a Software\Microsoft\Windows\CurrentVersion\Run key (HKCU or HKLM) so the application is started at logon.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on the thread of a freshly created, suspended process is the characteristic step of process hollowing (RunPE): the thread's context is redirected to injected code before the process is resumed. DarkComet builds are commonly wrapped in crypters that load the payload this way, so the behaviour usually belongs to the wrapper rather than to DarkComet itself.
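
    The following host audit is an added example, not part of the report or of the sandbox's own tooling. It checks the two persistence locations the signatures above name, hashes the executable behind every Run-key entry and flags any file whose SHA256 equals the report's, so a suspect machine can be checked for this sample. The Winlogon defaults (explorer.exe and C:\Windows\system32\userinit.exe,) are assumed from a stock Windows 10/11 install; adjust them for your build. The report itself does not say which of these locations the sample used, so treat every deviation as a lead, not a verdict.

```powershell
# Added example, not from the report. Audits the Winlogon and Run-key
# persistence locations named by the signatures and hashes each Run-key target.
$ReportSha256 = '411c69fb7d314fc4459925b38828f0fc88ac4a176a73959f629d573aa93c7349'

# Assumed stock defaults for a standard Windows 10/11 installation.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$WinlogonDefaults = @{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandExecutable([string]$CommandLine) {
    # Pull the program path out of a Run-key command line, quoted or not,
    # and expand %SystemRoot%-style variables so the file can be hashed.
    if ($CommandLine -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($CommandLine.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

$findings = @()

# 1. Winlogon: any deviation from the defaults deserves a look.
$props = Get-ItemProperty -Path $WinlogonKey
foreach ($name in $WinlogonDefaults.Keys) {
    $value = $props.$name
    if ($value -ne $WinlogonDefaults[$name]) {
        $findings += [pscustomobject]@{
            Location = "$WinlogonKey\$name"
            Value    = $value
            SHA256   = ''
            Note     = 'differs from assumed default'
        }
    }
}

# 2. Run keys: list every entry and hash its executable against the report.
foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd  = [string]$item.GetValue($name)
        $exe  = Get-CommandExecutable $cmd
        $hash = ''
        $note = 'file not found'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            $note = if ($hash -eq $ReportSha256) { 'MATCHES report SHA256' } else { '' }
        }
        $findings += [pscustomobject]@{
            Location = "$key\$name"
            Value    = $cmd
            SHA256   = $hash
            Note     = $note
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

    Run it in the context of the user whose profile is suspect so the HKCU keys are the right ones, and from an elevated prompt if the Winlogon values are ACL-protected on your build. A Run-key file that does not match the report's SHA256 can still be this sample re-wrapped by a different crypter; compare the SSDEEP value, or submit the file to the sandbox, before clearing it.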

MITRE ATT&CK Enterprise v15

Tasks