General

  • Target

    da4aaa81fc38bce014f69ba314797fdb2c1cb1433916a751899d048448fa8731

  • Size

    592KB

  • Sample

    240626-d8sfaswamp

  • MD5

    7468b2d95e504bafaa051f4bf1621949

  • SHA1

    b1fd0dbdaa7c1e3c6c6e29649e83e8283832c4a2

  • SHA256

    da4aaa81fc38bce014f69ba314797fdb2c1cb1433916a751899d048448fa8731

  • SHA512

    4c6d09ffc64a8e1b10a06576a01e30897378a09fc8ee3a0072d7fb1e77cb81fefc9ca222c032f7c2da9e71b128e3d24fd5c2736e5a35860ccb99f5ca52f55d3b

  • SSDEEP

    12288:wcWRJxhIUKofd9S88itJsL6s8GwUF81yn0FI/6IC0XoSE:TW/xhIUKofSytJsL6HUP0OHC7

Malware Config

Targets

    • Target

      da4aaa81fc38bce014f69ba314797fdb2c1cb1433916a751899d048448fa8731

    • Size

      592KB

    • MD5

      7468b2d95e504bafaa051f4bf1621949

    • SHA1

      b1fd0dbdaa7c1e3c6c6e29649e83e8283832c4a2

    • SHA256

      da4aaa81fc38bce014f69ba314797fdb2c1cb1433916a751899d048448fa8731

    • SHA512

      4c6d09ffc64a8e1b10a06576a01e30897378a09fc8ee3a0072d7fb1e77cb81fefc9ca222c032f7c2da9e71b128e3d24fd5c2736e5a35860ccb99f5ca52f55d3b

    • SSDEEP

      12288:wcWRJxhIUKofd9S88itJsL6s8GwUF81yn0FI/6IC0XoSE:TW/xhIUKofSytJsL6HUP0OHC7

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX dump on OEP (original entry point)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks