General
-
Target
d40df8d47389675ba8d5a8b369cc4b2aec520170583244e074c9e9c2e468cdbd
-
Size
820KB
-
Sample
250113-hpglxatnbr
-
MD5
0f83b0446f0a49a4486fedbae63a087d
-
SHA1
0367b28dd6c9c9ec3e98b303ef8bb0d5fe2fd24b
-
SHA256
d40df8d47389675ba8d5a8b369cc4b2aec520170583244e074c9e9c2e468cdbd
-
SHA512
dd15775494c7972e3d62ff1bad72defe199a39749942aa62214b451ab3b23a43951f211838a6f08698d3fc12920423bee6816517ce38d4737a777b9295df5648
-
SSDEEP
12288:AFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJLnk:w3nbWmJVJFwSddIXvfhqbiaxvRxq9Jk
Malware Config
Targets
-
-
Target
d40df8d47389675ba8d5a8b369cc4b2aec520170583244e074c9e9c2e468cdbd
-
Size
820KB
-
MD5
0f83b0446f0a49a4486fedbae63a087d
-
SHA1
0367b28dd6c9c9ec3e98b303ef8bb0d5fe2fd24b
-
SHA256
d40df8d47389675ba8d5a8b369cc4b2aec520170583244e074c9e9c2e468cdbd
-
SHA512
dd15775494c7972e3d62ff1bad72defe199a39749942aa62214b451ab3b23a43951f211838a6f08698d3fc12920423bee6816517ce38d4737a777b9295df5648
-
SSDEEP
12288:AFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJLnk:w3nbWmJVJFwSddIXvfhqbiaxvRxq9Jk
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1