General

  • Target

    d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca.exe

  • Size

    576KB

  • Sample

    241205-ay2pfayqg1

  • MD5

    e1c80eaa00547ec4390fd762d0e5ffe3

  • SHA1

    367ed11958e149173816d14681ccbfef6f877f8e

  • SHA256

    d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca

  • SHA512

    308f78566625f67e59f4c561b5bc53cc022a55d6314d2d449bf5d272a76dfb5e8b0505d72120d7bc25040f241e65b7fb2a7ea349499e7ae29b77c3ca24ee738c

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSt:+NWPkHlUfBgpuPdWzyuDTifgyWls

Malware Config

Targets

    • Target

      d4452836743d5f1bc2c323517e0d2ae122e246f4c39e11b557914416cca44cca.exe

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS strings stored in the registry are often read to detect virtual machines and sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
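A worked triage example added here, not code from this sandbox report or from any DarkComet analysis tool: a minimal PE section-table walker that flags the stock UPX section names (the "UPX packed file" indicator above), and a small rule set that replays the behavioural indicators listed above (BIOS and location registry reads, Run-key persistence, dropped EXE/DLL use, cross-process SetThreadContext) over a constructed API-trace log. The trace line format, the registry paths used as patterns, the file names and process IDs are all this example's own assumptions; they do not reproduce the sandbox's signatures.

```python
"""Added triage example: UPX section check plus a replay of this report's
behaviour indicators over a constructed API trace (not the sandbox's format)."""
import re
import struct

# ---- static: stock UPX leaves its section names in the PE section table ----
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}

def pe_section_names(data: bytes) -> list:
    """MZ header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> 40-byte section headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def looks_upx_packed(data: bytes) -> bool:
    """Name-based check only: a modified UPX that renames its sections will evade it."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))

def build_minimal_pe(section_names) -> bytes:
    """Constructed input: a bare PE header (no optional header, no code) with the given sections."""
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff_header = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + sections

# ---- dynamic: indicator rules over a simplified trace ("api | k=v | k=v") ----
BIOS_KEY = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion"}
GEO_KEY = re.compile(r"^HKCU\\Control Panel\\International\\Geo$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)

SAMPLE_TRACE = [  # constructed sample, not taken from the report
    r"RegQueryValueExW | pid=1000 | key=HKLM\HARDWARE\DESCRIPTION\System | value=SystemBiosVersion",
    r"RegQueryValueExW | pid=1000 | key=HKCU\Control Panel\International\Geo | value=Nation",
    r"RegQueryValueExW | pid=1000 | key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value=ProductName",
    r"NtCreateFile | pid=1000 | path=C:\Users\user\AppData\Local\Temp\dropped.exe",
    r"NtCreateFile | pid=1000 | path=C:\Users\user\AppData\Local\Temp\helper.dll",
    r"RegSetValueExW | pid=1000 | key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run | value=Updater",
    r"CreateProcessW | pid=1000 | path=C:\Users\user\AppData\Local\Temp\dropped.exe",
    r"LoadLibraryW | pid=2000 | path=C:\Users\user\AppData\Local\Temp\helper.dll",
    r"SetThreadContext | pid=2000 | target_pid=3000",
]

def parse_trace(lines):
    """Yield (api, {arg: value}) per line; values may contain spaces, so split on ' | '."""
    for line in lines:
        api, *pairs = [p.strip() for p in line.split(" | ")]
        yield api, dict(p.split("=", 1) for p in pairs if "=" in p)

def match_indicators(lines) -> set:
    """Return the report-style indicator names triggered by the trace."""
    hits, dropped = set(), set()
    for api, a in parse_trace(lines):
        key, value, path = a.get("key", ""), a.get("value", "").lower(), a.get("path", "").lower()
        if api == "RegQueryValueExW" and BIOS_KEY.match(key) and value in BIOS_VALUES:
            hits.add("Checks BIOS information in registry")
        elif api == "RegQueryValueExW" and GEO_KEY.match(key) and value == "nation":
            hits.add("Checks computer location settings")
        elif api == "RegSetValueExW" and RUN_KEY.search(key):
            hits.add("Adds Run key to start application")
        elif api == "NtCreateFile":
            dropped.add(path)  # remember what the sample wrote, to tie later use back to it
        elif api == "CreateProcessW" and path in dropped:
            hits.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and path in dropped:
            hits.add("Loads dropped DLL")
        elif api == "SetThreadContext" and a.get("target_pid") != a.get("pid"):
            hits.add("Suspicious use of SetThreadContext")  # context set on another process's thread
    return hits

if __name__ == "__main__":
    print("UPX sections:", looks_upx_packed(build_minimal_pe(["UPX0", "UPX1", ".rsrc"])))
    for hit in sorted(match_indicators(SAMPLE_TRACE)):
        print("indicator:", hit)
```

The dropped-file rules only fire when execution or loading follows a file write by the sample in the same trace, which is what separates "executes dropped EXE" from ordinary process creation; the benign ProductName read in the constructed trace is there to show the registry rules do not fire on unrelated keys. The UPX check is deliberately the weak, name-based form the report's signature describes: a sample repacked with a modified UPX that renames UPX0/UPX1 passes it, so treat a negative result as inconclusive.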

MITRE ATT&CK Enterprise v15

Tasks