General

  • Target: 142d431993574c78acde528bb6469d3c80e49ee47572d7ff9f088df69e4f5febN.exe
  • Size: 713KB
  • Sample: 241216-h9svnszphy
  • MD5: eacdf44b3ff0b6fe78b5c340a10ceeb0
  • SHA1: 87869f32f95413333f348dc861fefc0b0a7217ce
  • SHA256: 142d431993574c78acde528bb6469d3c80e49ee47572d7ff9f088df69e4f5feb
  • SHA512: cee8bbb1266d068ef094c7fa4044a66dd2483c2e744ac6dadb3dedddb6d8cdfb300796ff1d72bdd347c917690f7f096edb8cc59c434b720c1551de18d0ae292c
  • SSDEEP: 12288:29AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKl6/:MAQ6Zx9cxTmOrucTIEFSpOG7/

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Darkcomet family
    • Modifies WinLogon for persistence
    • Modifies firewall policy service
    • Modifies security service
    • Windows security bypass
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15