General

  • Target

    df56f0c9d0007f5125d92cfd481e21760d41eb10a92009ce1ab6d5da01140687

  • Size

    576KB

  • Sample

    241125-fefkravpfm

  • MD5

    6385129ecaf875fa5b4a1d0b2a4a4a34

  • SHA1

    bc93685b3334d8a007344e7e330dd6550322febd

  • SHA256

    df56f0c9d0007f5125d92cfd481e21760d41eb10a92009ce1ab6d5da01140687

  • SHA512

    dab9ffd159b7413630302ae050d5a50b4340075a1d34e005d86373a42b60e09c2ba63197e8d4c1d824b8ccad2a29b41b72e3c30e337918aa0c2fe610f4e609f3

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS5:+NWPkHlUfBgpuPdWzyuDTifgyWlw

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks