Overview

overview

10

Static

static

e9371a8c9c...f5.exe

windows7_x64

10

e9371a8c9c...f5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e9371a8c9c83ad906a9c2c4f363a5ed6b7804c4a1ab229b2a3acc0c2ea5e77f5

  • Size

    524KB

  • Sample

    210515-ta71dy412e

  • MD5

    cce1ab2f6d29d6836051157b6e6c94da

  • SHA1

    9b75c57dc5d8eb679a18795c40e8f676319af86a

  • SHA256

    e9371a8c9c83ad906a9c2c4f363a5ed6b7804c4a1ab229b2a3acc0c2ea5e77f5

  • SHA512

    4b1958aa1bfd4833dfcd85fc46b6035d5681d8fc51e81da4ecb4239264799f48118a32a717a1dcd2b1c8e0195f797edfb3504c25c00dcce2db0456684c02b95c

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      e9371a8c9c83ad906a9c2c4f363a5ed6b7804c4a1ab229b2a3acc0c2ea5e77f5

    • Size

      524KB

    • MD5

      cce1ab2f6d29d6836051157b6e6c94da

    • SHA1

      9b75c57dc5d8eb679a18795c40e8f676319af86a

    • SHA256

      e9371a8c9c83ad906a9c2c4f363a5ed6b7804c4a1ab229b2a3acc0c2ea5e77f5

    • SHA512

      4b1958aa1bfd4833dfcd85fc46b6035d5681d8fc51e81da4ecb4239264799f48118a32a717a1dcd2b1c8e0195f797edfb3504c25c00dcce2db0456684c02b95c

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks