General

  • Target

    fe47f321a2988420eecc3df5ab617a10N.exe

  • Size

    576KB

  • Sample

    240720-xjazhawanc

  • MD5

    fe47f321a2988420eecc3df5ab617a10

  • SHA1

    7a1ef9e0afa30b23be22a11ed1518ed7c2c4be10

  • SHA256

    bdce34b1e8cae9522227e64f6fe5cf9a011d5e30506f5bb6e4471d8737900caf

  • SHA512

    1388764142ba8f00a500440b3902ea229242e84c87bef4ba277ede01fc3d97495a1e2de01e0868c9f80c57d6a9ac055ea716936ca3b301ed1aa7fb4d6e92cb9c

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSR:+NWPkHlUfBgpuPdWzyuDTifgyWlo

Malware Config

Targets

    • Target

      fe47f321a2988420eecc3df5ab617a10N.exe

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
