Overview

overview

10

Static

static

3523339ebc...37.exe

windows7_x64

10

3523339ebc...37.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3523339ebc7b3e1cccb91d257246dbbe14d00677f3c2f3e8a2b55d1bfcd71537

  • Size

    1.9MB

  • Sample

    210515-xran9g7xnj

  • MD5

    be927e46036ef67a6c7db5b6dbb60f04

  • SHA1

    76c5698464ba86861f0abc1b01675712a334184a

  • SHA256

    3523339ebc7b3e1cccb91d257246dbbe14d00677f3c2f3e8a2b55d1bfcd71537

  • SHA512

    353c036537c9d0f63ddaf5a164f711a6e8079e72acd2f6a0d2ab63b7336d59c313c42bce8017a2fb5da060be141d4044ed928c6de46ce051891c52e24187e7c4

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      3523339ebc7b3e1cccb91d257246dbbe14d00677f3c2f3e8a2b55d1bfcd71537

    • Size

      1.9MB

    • MD5

      be927e46036ef67a6c7db5b6dbb60f04

    • SHA1

      76c5698464ba86861f0abc1b01675712a334184a

    • SHA256

      3523339ebc7b3e1cccb91d257246dbbe14d00677f3c2f3e8a2b55d1bfcd71537

    • SHA512

      353c036537c9d0f63ddaf5a164f711a6e8079e72acd2f6a0d2ab63b7336d59c313c42bce8017a2fb5da060be141d4044ed928c6de46ce051891c52e24187e7c4

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks