Overview

overview

10

Static

static

a6184cc11a...a3.exe

windows7_x64

10

a6184cc11a...a3.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3

  • Size

    380KB

  • Sample

    200624-lvvnm1yvra

  • MD5

    3a1de19cc17db547d49f1abad2a51052

  • SHA1

    7375ed94a9743794c534af47bfdc392f9148b185

  • SHA256

    a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3

  • SHA512

    7b9cf2ef0d10f88b288903d0a9404577a6598d854f36b839b785ea3044f64d7d60da451a3ebc80f8002ab3d8126a2329e0e92c92f78d4a4d8c061bacb45ea5b3

Score
10/10
darkcometevasionpersistencerattrojanupx

Malware Config

Targets

    • Target

      a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3

    • Size

      380KB

    • MD5

      3a1de19cc17db547d49f1abad2a51052

    • SHA1

      7375ed94a9743794c534af47bfdc392f9148b185

    • SHA256

      a6184cc11ae5e53a2c52fc668690561b0ed9b7217e0ff7c0b236bce30fba1da3

    • SHA512

      7b9cf2ef0d10f88b288903d0a9404577a6598d854f36b839b785ea3044f64d7d60da451a3ebc80f8002ab3d8126a2329e0e92c92f78d4a4d8c061bacb45ea5b3

    Score
    10/10
    darkcometevasionpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks