General

  • Target

    0ac425e856ff451cd61399325e9d1a52.bin

  • Size

    529KB

  • Sample

    240626-bzd57szarl

  • MD5

    0ac425e856ff451cd61399325e9d1a52

  • SHA1

    0840718fecf6d060bd8773bf5eeeef81e5628b7c

  • SHA256

    48ce65f0dbe42922716e4335720aae89a15abd9a21a287a6cabb11b0317b5ab0

  • SHA512

    9a946af514eb9535a6e8137275b421080ced3a21cad097a4ab8a85c14c3b60340b5dc4827a0faac2deb239d3877ae67bb5c9796126dd6ae2726fe1e660a13750

  • SSDEEP

    12288:za/0zI6S3Ifs3WHjoPtfEmYNfdj6Jy16dr4RkRD4srnOaGNwsImWpz:vI3x3yj7FZd+JyurmkR0sL+NwsR2z

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15