General

  • Target

    df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba

  • Size

    576KB

  • Sample

    241207-d8mvtatqh1

  • MD5

    649266098254b2bb9ff310ec049f6fed

  • SHA1

    ceea2478fe0677e7da1f4551309dce57e745f8a1

  • SHA256

    df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba

  • SHA512

    f1dffb8a81be32dfc83dd29881d89f5cf33b7f5e300a21b80f30535dccc14b941118d1e30823ea645268346293db67df6b59a0456b0271150653abb67e9b7670

  • SSDEEP

    12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSP:+NWPkHlUfBgpuPdWzyuDTifgyWlg

Malware Config

Targets

    • Target

      df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba

    • Size

      576KB

    • MD5

      649266098254b2bb9ff310ec049f6fed

    • SHA1

      ceea2478fe0677e7da1f4551309dce57e745f8a1

    • SHA256

      df7d2429d776feca3a3ad616d956446e94498339c09f9751f1c50a80c9cd80ba

    • SHA512

      f1dffb8a81be32dfc83dd29881d89f5cf33b7f5e300a21b80f30535dccc14b941118d1e30823ea645268346293db67df6b59a0456b0271150653abb67e9b7670

    • SSDEEP

      12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoSP:+NWPkHlUfBgpuPdWzyuDTifgyWlg

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks