Overview

overview

10

Static

static

7a8916c13c...f1.exe

windows7_x64

10

7a8916c13c...f1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a8916c13c6b816bc756134acdf71c4cb9f28e9dd0f6009783a84e2b26437af1

  • Size

    1.5MB

  • Sample

    210513-xc8jn3ssqj

  • MD5

    b4f71adf9ec04a2b87e7588d8af2ba9e

  • SHA1

    316b8b6e5a80eb8d2e061a80527ff7be6731c25e

  • SHA256

    7a8916c13c6b816bc756134acdf71c4cb9f28e9dd0f6009783a84e2b26437af1

  • SHA512

    36b1259f6769582ae28a14ebf64ac7c8133f5513f8595892a3eb3de8d71b12966967e67f82ea0a301bc91f9f912d79862905048853e22b26c070aaf9368908d2

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      7a8916c13c6b816bc756134acdf71c4cb9f28e9dd0f6009783a84e2b26437af1

    • Size

      1.5MB

    • MD5

      b4f71adf9ec04a2b87e7588d8af2ba9e

    • SHA1

      316b8b6e5a80eb8d2e061a80527ff7be6731c25e

    • SHA256

      7a8916c13c6b816bc756134acdf71c4cb9f28e9dd0f6009783a84e2b26437af1

    • SHA512

      36b1259f6769582ae28a14ebf64ac7c8133f5513f8595892a3eb3de8d71b12966967e67f82ea0a301bc91f9f912d79862905048853e22b26c070aaf9368908d2

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks