General

  • Target

    0fbee246d15b6edd2dda915775e95d6b50afeede3f532f8e938ada928031b5ddN.exe

  • Size

    3.8MB

  • Sample

    241201-ycxelavjcj

  • MD5

    10372f7dac078227c18a03af76ae7b80

  • SHA1

    5588b19f0b94b96954f3244548ae92dd83f275fd

  • SHA256

    0fbee246d15b6edd2dda915775e95d6b50afeede3f532f8e938ada928031b5dd

  • SHA512

    cae544c65bbb86878e476aea2fb1d7c843cd737625780999dc2b9143ea55deb8a3dcfa0bff4a0f0b880402417843770322247f576b9e84bd56750a47abefe9df

  • SSDEEP

    98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qg:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSii

Malware Config

Targets

    • Target

      0fbee246d15b6edd2dda915775e95d6b50afeede3f532f8e938ada928031b5ddN.exe

    • Size

      3.8MB

    • MD5

      10372f7dac078227c18a03af76ae7b80

    • SHA1

      5588b19f0b94b96954f3244548ae92dd83f275fd

    • SHA256

      0fbee246d15b6edd2dda915775e95d6b50afeede3f532f8e938ada928031b5dd

    • SHA512

      cae544c65bbb86878e476aea2fb1d7c843cd737625780999dc2b9143ea55deb8a3dcfa0bff4a0f0b880402417843770322247f576b9e84bd56750a47abefe9df

    • SSDEEP

      98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qg:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSii

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks