General
-
Target
102e1d4abab91d71ef3c2daa82b63091f640cb4dd28603770198df5d971394cf.exe
-
Size
714KB
-
Sample
241217-w8rswatrbt
-
MD5
15a8803fba095e563aab42c8b0b16c92
-
SHA1
106790e1f9cbb58a32e05b0be8e94ba068fd1231
-
SHA256
102e1d4abab91d71ef3c2daa82b63091f640cb4dd28603770198df5d971394cf
-
SHA512
dc7f0456068a5ee49f70e1a83c52b60073403d216f56c27041f6001d260ec2e13c2570d772d279b38c20fe8db5e5712484f30a2e64b8ae41657079ebd9d53159
-
SSDEEP
12288:GaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdU:XAEENIq8XwyVPQclDq/+WnpsSU
Malware Config
Targets
-
-
Target
102e1d4abab91d71ef3c2daa82b63091f640cb4dd28603770198df5d971394cf.exe
-
Size
714KB
-
MD5
15a8803fba095e563aab42c8b0b16c92
-
SHA1
106790e1f9cbb58a32e05b0be8e94ba068fd1231
-
SHA256
102e1d4abab91d71ef3c2daa82b63091f640cb4dd28603770198df5d971394cf
-
SHA512
dc7f0456068a5ee49f70e1a83c52b60073403d216f56c27041f6001d260ec2e13c2570d772d279b38c20fe8db5e5712484f30a2e64b8ae41657079ebd9d53159
-
SSDEEP
12288:GaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdU:XAEENIq8XwyVPQclDq/+WnpsSU
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1