General

  • Target

    4910f222d85a166fd1e592fba2e34770N.exe

  • Size

    576KB

  • Sample

    240722-cymxdsvenf

  • MD5

    4910f222d85a166fd1e592fba2e34770

  • SHA1

    ceaf1d364efbe03a29a15a0f19afd08318cce395

  • SHA256

    301c9a9b0936d1ea247feb4acc049a46dc07c793424424256cabcbdc2fdd0f34

  • SHA512

    95995d63b99ef2ae792c698648e0b380ccf0e02e18283bdfae00435553f70370a20c7b5f9e51b238a5db782358dcbbf9c8357b92868f15472edfa65cd67af926

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSI:+NWPkHlUfBgpuPdWzyuDTifgyWlR

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks