General

  • Target

    eb2815a375facd439742c7f4c3c6e578c1f74c74fbd78624f6eb07f407e3de89N

  • Size

    576KB

  • Sample

    241108-y1sfjsygmm

  • MD5

    5410d97f00390baa17c1b0bedcbff780

  • SHA1

    709dc50b14f572ae7d9c9f9d7fb8cf01677f5ebc

  • SHA256

    eb2815a375facd439742c7f4c3c6e578c1f74c74fbd78624f6eb07f407e3de89

  • SHA512

    65275e74dbe8de6032595837b069a82a1e0e2d5308193c15e8ce4cfa8b532895fde2f240087e9f4a16281c2c1a76e8fcfd033adcb2b8de994b52dae2bd1ebfd1

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSO:+NWPkHlUfBgpuPdWzyuDTifgyWlP

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks