General

  • Target

    a6d0467395e81455f6b079568faf913b

  • Size

    804KB

  • Sample

    240226-t2a6fabb2z

  • MD5

    a6d0467395e81455f6b079568faf913b

  • SHA1

    dd454bca5a905c0ffd09f2b03fffe16f8be63aa9

  • SHA256

    867405e2fe37fcc2d1c0f619ec829393203fc3f18d87fcbae1a884f37e8d081d

  • SHA512

    63b4d5d14d0a4415468bebfc103e9324275078aca981853a8d42204c67173600183819a25a91dc43a2cf4f1cbf10efd17273fc3c5edfa5dd462dc4cdb5a279ee

  • SSDEEP

    24576:VdPTtcIbM0SBTC13R2LKXgf9u0G/b5nCjX:VdPtM5BYR2LKQFGV+

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (such as Userinit and Shell) name programs that run at every interactive logon; appending a path to one of them is a common persistence technique.

    • Checks BIOS information in registry

      BIOS strings stored in the registry (for example under HKLM\HARDWARE\DESCRIPTION\System) are often read to identify virtual machines and sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext redirects execution of a thread; called on a thread of another process it is a typical step of process hollowing and other injection techniques.
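
Signatures like the ones above are derived by a sandbox from its trace of registry, file, process and API events. The script below is an added example, not part of this report or of any sandbox product: it maps a trace in an assumed pipe-separated format (op|pid|image|args...) to the signature names listed here. The trace format, the key patterns and every path, process name and value in SAMPLE_TRACE are constructed for illustration and do not describe the behaviour of the sample on this page.

```python
"""Map a sandbox behaviour trace to the signature names in this report.

Added example only: the trace format below is an assumption made for this
illustration (pipe-separated, one event per line), not any sandbox's real
log format, and every path/value in SAMPLE_TRACE is constructed.
    <op>|<pid>|<image>|<arg1>|<arg2>[|<arg3>]
ops: RegQueryValue(key, value), RegSetValue(key, value, data),
     FileWrite(path), ProcessCreate(path), ImageLoad(path),
     ApiCall(api, target_pid)
"""
import re
from collections import defaultdict

# Constructed sample trace (not taken from the sample analysed on this page).
SAMPLE_TRACE = r"""
RegQueryValue|1234|C:\Users\victim\sample.exe|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion
FileWrite|1234|C:\Users\victim\sample.exe|C:\Users\victim\AppData\Roaming\updater.exe|
FileWrite|1234|C:\Users\victim\sample.exe|C:\Users\victim\AppData\Local\Temp\helper.dll|
RegSetValue|1234|C:\Users\victim\sample.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit|C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\updater.exe
RegSetValue|1234|C:\Users\victim\sample.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\victim\AppData\Roaming\updater.exe
RegSetValue|1234|C:\Users\victim\sample.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|ShellState|240000001e
ProcessCreate|1234|C:\Users\victim\sample.exe|C:\Users\victim\AppData\Roaming\updater.exe|
ImageLoad|5678|C:\Users\victim\AppData\Roaming\updater.exe|C:\Windows\System32\kernel32.dll|
ImageLoad|5678|C:\Users\victim\AppData\Roaming\updater.exe|C:\Users\victim\AppData\Local\Temp\helper.dll|
ApiCall|1234|C:\Users\victim\sample.exe|SetThreadContext|5678
"""

# Registry locations behind the persistence and anti-sandbox signatures.
WINLOGON_KEY = re.compile(r"\\windows nt\\currentversion\\winlogon$", re.I)
WINLOGON_VALUES = {"userinit", "shell", "taskman"}
RUN_KEY = re.compile(r"\\windows\\currentversion\\run(once|services)?$", re.I)
BIOS_KEY = re.compile(r"^hklm\\hardware\\description\\system(\\bios)?$", re.I)


def parse_trace(text):
    """Parse the assumed trace format into event dicts; reject malformed lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) < 5:
            raise ValueError(f"malformed trace line: {line!r}")
        events.append({"op": parts[0], "pid": int(parts[1]),
                       "image": parts[2], "args": parts[3:]})
    return events


def classify(events):
    """Return {signature name: [evidence strings]} for the events seen."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written by any process in the trace
    for ev in events:
        op, args = ev["op"], ev["args"]
        if op == "RegQueryValue":
            key, value = args[0], args[1]
            if BIOS_KEY.search(key):
                hits["Checks BIOS information in registry"].append(f"{key}\\{value}")
        elif op == "RegSetValue":
            key, value = args[0], args[1]
            data = args[2] if len(args) > 2 else ""
            if WINLOGON_KEY.search(key) and value.lower() in WINLOGON_VALUES:
                hits["Modifies WinLogon for persistence"].append(f"{value} = {data}")
            elif RUN_KEY.search(key):
                hits["Adds Run key to start application"].append(f"{value} = {data}")
        elif op == "FileWrite":
            dropped.add(args[0].lower())
        elif op == "ProcessCreate":
            # Only executables written earlier in this trace count as "dropped".
            if args[0].lower() in dropped:
                hits["Executes dropped EXE"].append(args[0])
        elif op == "ImageLoad":
            if args[0].lower() in dropped:
                hits["Loads dropped DLL"].append(f"{ev['image']} -> {args[0]}")
        elif op == "ApiCall":
            api, target = args[0], args[1]
            # Heuristic: SetThreadContext on a thread of another process is the
            # hollowing/injection pattern; on the caller's own threads it is benign.
            if api == "SetThreadContext" and target.isdigit() and int(target) != ev["pid"]:
                hits["Suspicious use of SetThreadContext"].append(
                    f"pid {ev['pid']} -> pid {target}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The dropped-file correlation is stateful on purpose: a process start or image load only counts as "dropped" if the same trace previously recorded the file being written, which is what separates these two signatures from ordinary process creation and DLL loading.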

MITRE ATT&CK Enterprise v15

Tasks