General

  • Target

    d836095ef4a7e6672d0b3103a311398ca07db68851a55e9613701f12c8536d3fN.exe

  • Size

    574KB

  • Sample

    241129-lygvtatqdm

  • MD5

    712375b869c3f6e5e7eac5cc4264add0

  • SHA1

    4d47f5a0d7bb7949faabfe5b93f86eed99f42f1e

  • SHA256

    d836095ef4a7e6672d0b3103a311398ca07db68851a55e9613701f12c8536d3f

  • SHA512

    5410bd951ce9f94c8a06e7ace7933a13600465862f8734e914b4b825460c0a79e27d76efa38b64f99d21a219f7c5ab8e5a89fb8a9d495bd7e4293314c8743dc3

  • SSDEEP

    12288:zCyEHAWAdljmJqkC3xMX85FSR2f9A08NIX+Vjwd4G/3z1ET4m3Hdsubf:zFhWAfn22m0eD1GPz8Hdxb

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc); the author stopped distributing it in 2012, but leaked builds remain in circulation.

    • Darkcomet family

    • Checks BIOS information in registry

      Reads BIOS vendor and version strings from the registry (typically HKLM\HARDWARE\DESCRIPTION\System\BIOS). These values are commonly compared against known virtual-machine and sandbox vendors to decide whether to run.

    • Checks computer location settings

      Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation); likely used for geofencing, i.e. altering behaviour depending on the victim's configured region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Creates a value under one of the registry Run keys so the application is started again at each logon (persistence).

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's saved register state, including its instruction pointer; legitimate applications rarely need it, and it is a standard step of process hollowing and other code-injection techniques.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Modified builds often rename the UPX0/UPX1 sections or strip the "UPX!" marker, so stock "upx -d" may refuse to unpack them and the sample may need to be dumped from memory instead.
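The following is an added example, not code from the sandbox report or from DarkComet. It shows the two checks a practitioner would script against a suspect file before or after running it: matching the file's MD5/SHA1/SHA256/SHA512 against the hash indicators listed above, and applying the UPX heuristics behind the "UPX packed file" signature (stock section names, the "UPX!" marker, and the entropy of the largest section, which still fires when a modified UPX build renames its sections). The hash values are copied from the report; the function names, the 7.0-bit entropy threshold, and the minimal PE built by build_toy_pe() are assumptions made for illustration, and that toy PE is constructed test input rather than the real sample.

```python
# Added example (not part of the sandbox report or of DarkComet).
# Hash values below are copied from the report; everything else is illustrative.
import hashlib
import math
import struct

REPORT_IOCS = {
    "md5": "712375b869c3f6e5e7eac5cc4264add0",
    "sha1": "4d47f5a0d7bb7949faabfe5b93f86eed99f42f1e",
    "sha256": "d836095ef4a7e6672d0b3103a311398ca07db68851a55e9613701f12c8536d3f",
    "sha512": "5410bd951ce9f94c8a06e7ace7933a13600465862f8734e914b4b825460c0a79"
              "e27d76efa38b64f99d21a219f7c5ab8e5a89fb8a9d495bd7e4293314c8743dc3",
}

# Section names used by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Names of the algorithms whose digest of `data` equals the report's value."""
    digests = hash_bytes(data)
    return [alg for alg, want in iocs.items() if digests.get(alg) == want.lower()]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Parse the COFF section table; returns [(name, raw_offset, raw_size), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # COFF file header
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_of_optional, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def upx_verdict(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Apply the UPX heuristics: section names, the 'UPX!' marker, and entropy."""
    sections = pe_sections(data)
    names = [name for name, _, _ in sections]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    by_marker = b"UPX!" in data
    # A packed image keeps its compressed payload in one high-entropy section
    # (UPX1 for stock UPX); this also catches builds that renamed the sections.
    max_entropy = max((shannon_entropy(data[p:p + sz]) for _, p, sz in sections if sz),
                      default=0.0)
    return {"sections": names, "upx_section_names": by_name, "upx_marker": by_marker,
            "max_section_entropy": round(max_entropy, 2),
            "likely_upx": by_name or by_marker,
            "likely_packed": max_entropy >= entropy_threshold}


def build_toy_pe(packed: bool) -> bytes:
    """Constructed test input (not the real sample): a minimal PE whose section
    table mimics a stock UPX layout or a plain single .text section."""
    if packed:
        # Deterministic pseudo-random bytes stand in for a compressed image.
        payload = b"".join(hashlib.sha256(b"toy-upx-%d" % i).digest() for i in range(128))
        layout = [(b"UPX0", 0), (b"UPX1", len(payload))]
    else:
        payload = b"\x90" * 4000 + b"\xC3" * 96           # low-entropy "code"
        layout = [(b".text", len(payload))]
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0, 0x0102)
    headers_end = e_lfanew + 4 + 20 + 40 * len(layout)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF               # 512-byte file alignment
    section_table = b""
    for name, size in layout:
        section_table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", size, 0x1000, size, raw_ptr if size else 0, 0, 0, 0, 0, 0x60000020)
    image = dos_header + b"PE\0\0" + coff_header + section_table
    return image.ljust(raw_ptr, b"\0") + payload
```

To triage a real file, read it into bytes and call matches_report() and upx_verdict() on it; a non-empty list from matches_report() means the file is byte-identical to the sample above, while upx_verdict() flags "likely_upx" on the stock section names or marker and "likely_packed" on entropy alone, so a renamed-section build still shows up in the second field.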

MITRE ATT&CK Enterprise v15
