General

  • Target

    25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be

  • Size

    3.8MB

  • Sample

    250101-zr5vystpay

  • MD5

    3de6e51db11e90c1ec2b6dbb74e098a1

  • SHA1

    a97ead99a1b2179445abb75fe07fa10e1bbc8655

  • SHA256

    25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be

  • SHA512

    cfbbcf844c3210a22608639ad2929e0e44eb83f8ec4d1a2a8c649b3efec6d1adf522986768d135e5ab9eba69cbbc622f9ffeb89ed7622bbdad27e8f74b192d45

  • SSDEEP

    98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qN:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiT

Malware Config

Targets

    • Target

      25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be

    • Size

      3.8MB

    • MD5

      3de6e51db11e90c1ec2b6dbb74e098a1

    • SHA1

      a97ead99a1b2179445abb75fe07fa10e1bbc8655

    • SHA256

      25cbd75e05da9cc66a050f3107668497de1bb0b4b37f3c65b94f14fba77668be

    • SHA512

      cfbbcf844c3210a22608639ad2929e0e44eb83f8ec4d1a2a8c649b3efec6d1adf522986768d135e5ab9eba69cbbc622f9ffeb89ed7622bbdad27e8f74b192d45

    • SSDEEP

      98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qN:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiT

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in particular countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build (section names may be renamed, so the signature cannot rely on them alone).
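The UPX signature above is the one finding in this list that can be reproduced offline from the file itself, so here is an added example of how such a check works; it is not the sandbox's own detection logic and not code from the sample. It parses the PE section table by hand, flags the stock UPX section names (UPX0/UPX1/UPX2/UPX!), and falls back to the layout stock UPX produces (an empty first section with a large virtual size, followed by a high-entropy compressed payload), which is what catches a modified UPX that scrubbed the names. The PE images it runs on are constructed inline (assumed minimal headers, not the sample on this page).

```python
import math
import random
import struct
from typing import Dict, List, Tuple

# Section names written by stock UPX builds; a modified UPX commonly renames
# them, so the layout/entropy heuristic below is kept as a second signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
HIGH_ENTROPY = 7.0  # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Tuple[bytes, int, int, int]]:
    """Walk the PE headers; return (name, VirtualSize, PointerToRawData, SizeOfRawData)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    first = coff + 20 + size_opt
    out = []
    for i in range(num_sections):
        off = first + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize, rawoff = struct.unpack_from("<IIII", pe, off + 8)
        out.append((name, vsize, rawoff, rawsize))
    return out


def looks_upx_packed(pe: bytes) -> Dict[str, object]:
    sections = parse_sections(pe)
    named = [s[0].decode("latin-1") for s in sections if s[0] in UPX_SECTION_NAMES]
    # Stock UPX layout: section 0 is an empty (raw size 0) unpack target with a
    # large virtual size, section 1 carries the compressed payload.
    layout = len(sections) >= 2 and sections[0][3] == 0 and sections[0][1] > 0
    payload = sections[1] if len(sections) >= 2 else None
    ent = shannon_entropy(pe[payload[2]:payload[2] + payload[3]]) if payload else 0.0
    return {
        "upx_section_names": named,
        "upx_layout": layout,
        "payload_entropy": round(ent, 2),
        "packed": bool(named) or (layout and ent >= HIGH_ENTROPY),
    }


def build_pe(sections: List[Tuple[bytes, int, bytes]]) -> bytes:
    """Constructed minimal PE image (not a real binary): sections are (name, VirtualSize, raw bytes)."""
    num, size_opt = len(sections), 0xE0
    raw_off = 0x40 + 4 + 20 + size_opt + 40 * num  # raw data starts right after the headers
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)  # PE32 magic, rest zeroed
    hdrs, body, vaddr = b"", b"", 0x1000
    for name, vsize, data in sections:
        hdrs += struct.pack("<8sIIII", name, vsize, vaddr, len(data), raw_off if data else 0)
        hdrs += b"\0" * 16  # relocation/line-number fields and Characteristics, zeroed
        raw_off += len(data)
        body += data
        vaddr += max(vsize, 0x1000)
    return dos + b"PE\0\0" + coff + opt + hdrs + body


def _pseudo_random(n: int, seed: int) -> bytes:
    rng = random.Random(seed)  # deterministic stand-in for compressed data
    return bytes(rng.getrandbits(8) for _ in range(n))


def sample_stock_upx() -> bytes:
    return build_pe([(b"UPX0", 0x30000, b""),
                     (b"UPX1", 0x9000, _pseudo_random(8192, 1)),
                     (b".rsrc", 0x1000, b"\0" * 512)])


def sample_renamed_upx() -> bytes:
    # Modified UPX: names scrubbed, layout and payload entropy unchanged
    return build_pe([(b".text", 0x30000, b""),
                     (b".data", 0x9000, _pseudo_random(8192, 2))])


def sample_unpacked() -> bytes:
    return build_pe([(b".text", 0x1000, b"\x55\x8b\xec\x90\xc3" * 400),
                     (b".data", 0x1000, b"hello world\0" * 64)])


if __name__ == "__main__":
    for label, fn in (("stock", sample_stock_upx), ("renamed", sample_renamed_upx), ("plain", sample_unpacked)):
        print(label, looks_upx_packed(fn()))
```

The entropy fallback is what makes the "modified UPX" part of the signature work, but it is a heuristic: a genuinely packed file with a renamed, low-entropy first section, or a clean binary that simply embeds a large compressed resource in its second section, will be misclassified, which is why sandboxes treat this as one signal among several rather than a verdict.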

MITRE ATT&CK Enterprise v15

Tasks