6c6a951636ae4dee7a842c6af1d43236.exe

General

Target: 6c6a951636ae4dee7a842c6af1d43236.exe
Size: 1MB
Sample: 210722-khfc1ds4ex
Score: 10/10
MD5: 6c6a951636ae4dee7a842c6af1d43236
SHA1: 387e2f026ca3ec2a291b09fa76f88fe40ae7007c
SHA256: 2ebc7cf945c4eba60eb0f25f6b58eb8d7d0558f6b5622530b2b3808987173952
SHA512: 3324a70e328be9cdbbe60f47da1254208032b73e6b48cbfea9d070b50378a1ed0f6df32b62c3b16712b78ddcaa0b696ee196f8e9448c3b0f025a9f1d36857311

Signatures

  • Darkcomet
    Description: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Modifies WinLogon for persistence
    TTPs: Winlogon Helper DLL; Modify Registry

  • njRAT/Bladabindi
    Description: Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall
    TTPs: Modify Existing Service

  • Sets file to hidden
    Description: Modifies file attributes so the file does not appear in Explorer and similar file listings.
    TTPs: Hidden Files and Directories

  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely for geofencing.
    TTPs: Query Registry; System Information Discovery

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry
