Overview

overview

10

Static

static

445bc3da96...e2.exe

windows7_x64

10

445bc3da96...e2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    445bc3da96e63745748cc4d7d14faaa80122f46bc86e2.exe

  • Size

    833KB

  • Sample

    210611-gyz6q8tzmj

  • MD5

    aff59ff4873a180e497cac498323fd56

  • SHA1

    3cb24379d8aeb29a58fddac419f8bd0fc1068c89

  • SHA256

    445bc3da96e63745748cc4d7d14faaa80122f46bc86e2a4628956f5aea4b70f7

  • SHA512

    cbf9ed1d90ea527bc9e8f3564d1fd2f3d1f9c92e10ba8da790f58c815f07ae11f6c5da3772b95b286867e3be124994ddc32aa1758a1d2acb8667d01dfca7b929

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      445bc3da96e63745748cc4d7d14faaa80122f46bc86e2.exe

    • Size

      833KB

    • MD5

      aff59ff4873a180e497cac498323fd56

    • SHA1

      3cb24379d8aeb29a58fddac419f8bd0fc1068c89

    • SHA256

      445bc3da96e63745748cc4d7d14faaa80122f46bc86e2a4628956f5aea4b70f7

    • SHA512

      cbf9ed1d90ea527bc9e8f3564d1fd2f3d1f9c92e10ba8da790f58c815f07ae11f6c5da3772b95b286867e3be124994ddc32aa1758a1d2acb8667d01dfca7b929

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks