Overview

overview

10

Static

static

8

5937cd8aab...ff.exe

windows7_x64

10

5937cd8aab...ff.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5937cd8aabc700645c698fa8a0255f0c30c77730a75714d36338ad6c2891caff

  • Size

    251KB

  • Sample

    201106-we3vaja9ze

  • MD5

    f5c272732c4a78380635cd7183260b56

  • SHA1

    69cfb96040c278e781351c3eb4d94656b317d60b

  • SHA256

    5937cd8aabc700645c698fa8a0255f0c30c77730a75714d36338ad6c2891caff

  • SHA512

    4c096759fe7aae04f4df0d72096eef12f73c27e78d08bbb9562507c1cbb99de1e28e872d7c3254c55e8c9609d65104e32ff2c3c817937667b08a92fa1baeb8c4

Score
10/10
darkcometevasionpersistencerattrojanupx

Malware Config

Targets

    • Target

      5937cd8aabc700645c698fa8a0255f0c30c77730a75714d36338ad6c2891caff

    • Size

      251KB

    • MD5

      f5c272732c4a78380635cd7183260b56

    • SHA1

      69cfb96040c278e781351c3eb4d94656b317d60b

    • SHA256

      5937cd8aabc700645c698fa8a0255f0c30c77730a75714d36338ad6c2891caff

    • SHA512

      4c096759fe7aae04f4df0d72096eef12f73c27e78d08bbb9562507c1cbb99de1e28e872d7c3254c55e8c9609d65104e32ff2c3c817937667b08a92fa1baeb8c4

    Score
    10/10
    darkcometevasionpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks