General

  • Target

    9d79976a30875657745f9813d916b66fee5153f4177bb487808f3b7f4ca783f3N.exe

  • Size

    659KB

  • Sample

    241217-j1xmyavmas

  • MD5

    ee0193c0477748c0de51b176c33f7380

  • SHA1

    e5903f8afe91aedca6af2b6bcb938317734b0f1f

  • SHA256

    9d79976a30875657745f9813d916b66fee5153f4177bb487808f3b7f4ca783f3

  • SHA512

    3938d63d21b141207c11d9baadf01321d2f47ffd6274f997379fd13d21da1e3bda0614ca44ecccefa4e26d7934b1078e9c9e8bd736af3d833d21962509c353a4

  • SSDEEP

    12288:nfAFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKp:fAQ6Zx9cxTmOrucTIEFSpOGk

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
