General

  • Target

    d9c99d8f9fb1e88db8da1bb29acb88e2c9a944b1aa1b068930aa46060f7c305d

  • Size

    3.8MB

  • Sample

    241223-d953savpgv

  • MD5

    1b0941e492d84e91ea8cbef6903da5a1

  • SHA1

    56ef6fd3b1b40b1facb4e0c618d055a1d7cd1fc0

  • SHA256

    d9c99d8f9fb1e88db8da1bb29acb88e2c9a944b1aa1b068930aa46060f7c305d

  • SHA512

    4698ce8c0d0003fa8ff3a9dbb6a83dea1331a78f613bac2c713720c582a1f8c0ebb84089048dbbd82d52e356cfd73ee8e09f67b415dd20e445465aa144434332

  • SSDEEP

    98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qJ:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiP

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
