General

  • Target

    VirusShare_f0a5b6bb52a088b9b8ee76b341e58e2b

  • Size

    782KB

  • Sample

    240519-mteqbsef6v

  • MD5

    f0a5b6bb52a088b9b8ee76b341e58e2b

  • SHA1

    d362d5dee873c8c62489b95f4beb9fb7c5887ba4

  • SHA256

    5131d0642a54d02c54545e823e706b89be27243608a047c07349fbc30e07dde5

  • SHA512

    d06932744b4a7c156deaf76fe6cf64aea3ee4f5a4e7465674f710d5791296d0f66fa922267e137d7bc135e2d42c7efe97cffdda9ae922f678b260ded8c256a60

  • SSDEEP

    12288:o9y0Qed1VRfr655Kw6kRaDsaXz2QEPCJj7bo7C1OC40r24bvryRrQ4ZUCR:o9Ce3/s5b5sV06j7bYAl42n/yRMNC

Malware Config

Targets

    • Target

      VirusShare_f0a5b6bb52a088b9b8ee76b341e58e2b

    • Size

      782KB

    • MD5

      f0a5b6bb52a088b9b8ee76b341e58e2b

    • SHA1

      d362d5dee873c8c62489b95f4beb9fb7c5887ba4

    • SHA256

      5131d0642a54d02c54545e823e706b89be27243608a047c07349fbc30e07dde5

    • SHA512

      d06932744b4a7c156deaf76fe6cf64aea3ee4f5a4e7465674f710d5791296d0f66fa922267e137d7bc135e2d42c7efe97cffdda9ae922f678b260ded8c256a60

    • SSDEEP

      12288:o9y0Qed1VRfr655Kw6kRaDsaXz2QEPCJj7bo7C1OC40r24bvryRrQ4ZUCR:o9Ce3/s5b5sV06j7bYAl42n/yRMNC

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks