General

  • Target

    a44e866d712e883d41e17abf68c79f2b

  • Size

    754KB

  • Sample

    240225-vgbf5sgd93

  • MD5

    a44e866d712e883d41e17abf68c79f2b

  • SHA1

    c1dbfaf2fbe83dfd1efc025a6bd631b1d0d1a59f

  • SHA256

    dd10760bfe828b03b8288f2d9d3255a9f186c382cf36edc785c0d5f333071f23

  • SHA512

    22eea8ef8f9057f5901017c4649b51a279be2e0817a49e2caebdd5ea180e4d8536b3f176cc88895433c4b9463260aad0270db02fd4813e572a46ef78485841cf

  • SSDEEP

    12288:qFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJR:+3nbWmJVJFwSddIXvfhqbiaxvRxq9

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file listings.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Windows security modification

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks