General

  • Target

    a4840b8f2041f1fadf39b9e758a98dbc

  • Size

    684KB

  • Sample

    240225-y68dysbd27

  • MD5

    a4840b8f2041f1fadf39b9e758a98dbc

  • SHA1

    a95eb12a542ba5827ae8b861ce365de19d72548d

  • SHA256

    f545fcf708c93a719ed15112949bbb278418bfbbddc5ede52b4ed85d1f26ecb9

  • SHA512

    cb2ceb2380d182fe39f0159782313f00f0a54656418b702bec8ef5f5b220f756bc5e9f3e06159ec8caec5c3eca3961382eb6901f19d0796bde662fde00be62f2

  • SSDEEP

    12288:K9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKzZw:oAQ6Zx9cxTmOrucTIEFSpOG

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      The Userinit or Shell value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is rewritten so the payload is launched at every interactive logon.

    • Modifies firewall policy service

      Writes under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, typically to authorize the implant or to turn off Windows Firewall notifications.

    • Checks BIOS information in registry

      BIOS information (HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read in order to detect sandboxing environments, since hypervisor vendor strings such as VMware or VirtualBox reveal a virtual machine.

    • Adds Run key to start application

      An entry under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) starts the application at logon, a second persistence mechanism independent of the Winlogon change.

    • Suspicious use of SetThreadContext

      Changing another thread's context is characteristic of process hollowing: a legitimate process is started suspended, its image is replaced with the payload, and the main thread's entry point is redirected before it resumes.
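The following PowerShell script is an added triage example, not part of the sandbox report or of any tool it references. It verifies a local copy of the sample against the hashes listed above and then inspects the registry locations the signatures describe (Winlogon, Run keys, firewall policy, BIOS strings) on a Windows host. The sample path is an assumption; the registry paths are standard Windows locations, and the "clean" Winlogon defaults are those of a default install and should be adjusted to your own baseline.

```powershell
# Added triage script (not from the report): verify the sample's hashes and look for
# the registry artifacts the signatures describe. Sample path is an assumption.
param(
    [string]$SamplePath = 'C:\samples\a4840b8f2041f1fadf39b9e758a98dbc.exe'
)

# Hash values copied from the report.
$ReportHashes = @{
    MD5    = 'a4840b8f2041f1fadf39b9e758a98dbc'
    SHA1   = 'a95eb12a542ba5827ae8b861ce365de19d72548d'
    SHA256 = 'f545fcf708c93a719ed15112949bbb278418bfbbddc5ede52b4ed85d1f26ecb9'
    SHA512 = 'cb2ceb2380d182fe39f0159782313f00f0a54656418b702bec8ef5f5b220f756bc5e9f3e06159ec8caec5c3eca3961382eb6901f19d0796bde662fde00be62f2'
}

function Test-SampleHashes {
    param([string]$Path, [hashtable]$Expected)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Sample not found: $Path"; return }
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
        [pscustomobject]@{ Algorithm = $alg; Match = ($actual -eq $Expected[$alg]); Actual = $actual }
    }
}

function Get-WinlogonFindings {
    # Defaults on a clean host (assumed baseline); anything appended is suspect.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $defaults = @{ Userinit = 'C:\Windows\system32\userinit.exe,'; Shell = 'explorer.exe' }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $defaults.Keys) {
        $value = $props.$name
        [pscustomobject]@{ Check = "Winlogon\$name"; Value = $value; Suspect = ($value -ne $defaults[$name]) }
    }
}

function Get-RunKeyFindings {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            # Entries launching from user-writable locations deserve a closer look.
            $suspect = [string]$p.Value -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'
            [pscustomobject]@{ Check = $key; Name = $p.Name; Value = $p.Value; Suspect = $suspect }
        }
    }
}

function Get-FirewallPolicyFindings {
    # The "Modifies firewall policy service" signature corresponds to writes under this key.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'StandardProfile', 'DomainProfile', 'PublicProfile') {
        $key = Join-Path $base $fwProfile
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Check   = "FirewallPolicy\$fwProfile"
            Value   = "EnableFirewall=$($props.EnableFirewall) DisableNotifications=$($props.DisableNotifications)"
            Suspect = ($props.EnableFirewall -eq 0 -or $props.DisableNotifications -eq 1)
        }
        $apps = Join-Path $key 'AuthorizedApplications\List'
        if (Test-Path $apps) {
            # Any authorized application added here is worth reviewing by hand.
            (Get-ItemProperty -Path $apps).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { [pscustomobject]@{ Check = "$fwProfile\AuthorizedApplications"; Name = $_.Name; Value = $_.Value; Suspect = $true } }
        }
    }
}

function Get-BiosStrings {
    # What the sample sees when it reads BIOS data; for this check "Suspect" means the
    # value would reveal a virtual machine to the sample, i.e. the sandbox is detectable.
    $props = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
    foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion') {
        $value = $props.$name
        [pscustomobject]@{
            Check   = "BIOS\$name"
            Value   = $value
            Suspect = ([string]$value -match '(?i)vmware|virtualbox|vbox|qemu|bochs|xen|hyper-v|virtual')
        }
    }
}

Test-SampleHashes -Path $SamplePath -Expected $ReportHashes | Format-Table -AutoSize
$findings = @(Get-WinlogonFindings) + @(Get-RunKeyFindings) + @(Get-FirewallPolicyFindings) + @(Get-BiosStrings)
$findings | Where-Object { $_.Suspect } | Format-List
```

Run it from an elevated prompt on the host being triaged; the hash table is only compared after lowercasing, so a report that prints uppercase hex still matches. The Run-key path heuristic is deliberately coarse and will flag legitimate per-user installers, so treat its output as a review list rather than a verdict.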

MITRE ATT&CK Enterprise v15

Tasks