Overview

overview

10

Static

static

198d51cd77...e8.exe

windows7_x64

198d51cd77...e8.exe

windows10_x64

10

Resubmissions

02-09-2021 10:21

210902-6nr3zm1qya 10

15-05-2021 13:00

210515-3jn65bnc6x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8

  • Size

    3.9MB

  • Sample

    210902-6nr3zm1qya

  • MD5

    1172133c5174fcc69b7376efe3cdf91d

  • SHA1

    7492a278541a7161eb4deb3829deb9bccffe91a7

  • SHA256

    198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8

  • SHA512

    41315d272ac32c052944860ba97e966a8e0a7aad4e17a9c1ba6ae5e8ee2fc522c5f5187665541e1858be0c4bc8f71d9940c6623f190cc46e5445abb723ed3404

Score
10/10
darkcometevasionpersistencerattrojan

Malware Config

Targets

    • Target

      198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8

    • Size

      3.9MB

    • MD5

      1172133c5174fcc69b7376efe3cdf91d

    • SHA1

      7492a278541a7161eb4deb3829deb9bccffe91a7

    • SHA256

      198d51cd77f96832b3f6c733455ce8921e153fd31542e7a3e89a788ab792ede8

    • SHA512

      41315d272ac32c052944860ba97e966a8e0a7aad4e17a9c1ba6ae5e8ee2fc522c5f5187665541e1858be0c4bc8f71d9940c6623f190cc46e5445abb723ed3404

    Score
    10/10
    darkcometevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Hidden Files and Directories

2
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Hidden Files and Directories

2
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks