General

  • Target: 53eb39706154d7bb0fee6a32a5238f7f0b3902d11d92c83199172e3e9919ad55
  • Size: 3.8MB
  • Sample: 241129-22zsssvrdm
  • MD5: 0d244a49cbe5075d37346129fa8ad89f
  • SHA1: ab12bc2599cd8d048c8a15619e78b3952e4c80fa
  • SHA256: 53eb39706154d7bb0fee6a32a5238f7f0b3902d11d92c83199172e3e9919ad55
  • SHA512: d6ffb026865c9d56a5665d4fdfcf747d83e8df283bfe0254cca360e14fa9aa5bf80afe940173cdb750487438430e44f5f8ff944798b9d9c2c3d7e098655a0658
  • SSDEEP: 98304:vJwakG4fYrq1HJvpliCQHawbzBbGSlaUEI96kdQDanpqHrO3ndI3/lL/v7zVwwX7:vJwakG4fYrq1HJvpliCQHawbzBbGSla1

Malware Config

Targets


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks