General

  • Target

    24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034N.exe

  • Size

    891KB

  • Sample

    241130-ems1dawkbq

  • MD5

    296716d3fe38809cd1b25f46da59dd90

  • SHA1

    3bc6aea87cf33d17f71ce91118f5257338288835

  • SHA256

    24628b984b3ffc419280b75cc4b7a44e4dcfa2ef836aa6d6b36e01787bccc034

  • SHA512

    307ebc7c641ec073c2a7ed42310e6a07d5c454825c445704f57298c0b64fe7e871bb7e846613216197ee1f9221486d462be390fd56352bee5675d4b2ec02b6fa

  • SSDEEP

    24576:9fHK4ne0H220E81P/RQmKEhQSt+TrLQse4xoQQZn:dXl3eb1g1CQQ

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks