General

  • Target

    6e962c8259b97e2eceb079e94f3134dc042425f28ba6cfe833bc0c969cbb061b

  • Size

    576KB

  • Sample

    241108-ae896s1bnj

  • MD5

    8ad3f4862f03a3a6f3de323aa6a35773

  • SHA1

    9cc02248c1981675af5005931aeae0e323315f61

  • SHA256

    6e962c8259b97e2eceb079e94f3134dc042425f28ba6cfe833bc0c969cbb061b

  • SHA512

    072373bb7d8da44db44efda7cd3608ff1fab68d39734124caee59b9cf4ec4bcc76c72c5247faddb2726cb249b24235ec2c678c6b6379a5054a4b5cf089691314

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSm:+NWPkHlUfBgpuPdWzyuDTifgyWlH

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks