General

  • Target

    e3a163607c77078735e94a225f168dc8efac90e4c112fbaded3881459666fa63N

  • Size

    3.8MB

  • Sample

    241031-qdj7naxlew

  • MD5

    9a730aeb6145bf3f87bb2da0906d2d80

  • SHA1

    13b1dc7b06c67f149f27e8ad9021d768c46aebb7

  • SHA256

    e3a163607c77078735e94a225f168dc8efac90e4c112fbaded3881459666fa63

  • SHA512

    ff44c9d7428af82bfc759a3730dd20ec51a4614108f7dac944dfcc1d4fabdb07b8db8814aea980101c7e4668a30f3f2a16ed1f1a64bd276d7bd0a3eb0c094d4e

  • SSDEEP

    98304:vJwakG4fYrq1HJvpliCQHawbzBbGSlaUEI96kdQDanpqHrO3ndI3/lL/v7zVwwXl:vJwakG4fYrq1HJvpliCQHawbzBbGSlaj

Malware Config

Targets

    • Target

      e3a163607c77078735e94a225f168dc8efac90e4c112fbaded3881459666fa63N

    • Size

      3.8MB

    • MD5

      9a730aeb6145bf3f87bb2da0906d2d80

    • SHA1

      13b1dc7b06c67f149f27e8ad9021d768c46aebb7

    • SHA256

      e3a163607c77078735e94a225f168dc8efac90e4c112fbaded3881459666fa63

    • SHA512

      ff44c9d7428af82bfc759a3730dd20ec51a4614108f7dac944dfcc1d4fabdb07b8db8814aea980101c7e4668a30f3f2a16ed1f1a64bd276d7bd0a3eb0c094d4e

    • SSDEEP

      98304:vJwakG4fYrq1HJvpliCQHawbzBbGSlaUEI96kdQDanpqHrO3ndI3/lL/v7zVwwXl:vJwakG4fYrq1HJvpliCQHawbzBbGSlaj

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks