General

  • Target

    c4b4edf2ac59701590be75f9d02b11fddd586084420c444a715a74ff9f8742d5

  • Size

    559KB

  • Sample

    241201-dk3alazjal

  • MD5

    cadf614014ec051ac0e914fe108be6f8

  • SHA1

    2febf796842531616e1786534b9e5f1014ff226d

  • SHA256

    c4b4edf2ac59701590be75f9d02b11fddd586084420c444a715a74ff9f8742d5

  • SHA512

    a34b0ecc669eb070d403e2f3bfe5d8cb43a790241f6717ef971ca94a0c01031cf5f9cfc96e1ca7cfb281983ab0b0ffdf5f38dd1bcf63e5176511599d51d1ec31

  • SSDEEP

    12288:x+xOrozCCYaCphtIYJb6lzOqPpFOblme0pLLsbii9cWDeO7HtoNmKzoS2:COEzCFaCpAYJbwzOqPUlvOsmi9c8Slg

Targets

    • Target

      c4b4edf2ac59701590be75f9d02b11fddd586084420c444a715a74ff9f8742d5

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS vendor and version strings stored in the registry are commonly read to detect virtual machines and sandboxes, since hypervisor vendors leave recognisable values there.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to, or away from, particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence via a CurrentVersion\Run registry value, so the payload is relaunched at user logon.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a suspended thread into injected code (process hollowing).

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
