General

  • Target

    4ec1a6802b035f8ea1685fd57cf98a6571c968a8c36244cd775a92a72a83610b

  • Size

    559KB

  • Sample

    201109-wb7ybpvc1n

  • MD5

    68d4862582ead747c602162f317e6af2

  • SHA1

    72d5522daaba8b1163405d52a3ed053c2735c0b5

  • SHA256

    4ec1a6802b035f8ea1685fd57cf98a6571c968a8c36244cd775a92a72a83610b

  • SHA512

    16b19b016b78a3825c3aa3568ce540689dcaac40879f5f0af6ec492d774d2a016617c50f2d9969b59da55a7425f1c99e1636de5c9ef7ef9a4e13b2132474e00f

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks