Overview

overview

10

Static

static

8889fcdf80...f9.exe

windows7_x64

10

8889fcdf80...f9.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9

  • Size

    520KB

  • Sample

    210923-j7bdaaddb9

  • MD5

    d683b4b96582e58a06ddc15284ea35c8

  • SHA1

    2a9902159d8dabec02f9ee13e791fa298290fc81

  • SHA256

    8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9

  • SHA512

    a56674362d15ed66335b0a54449a658503a4346e58a066197c5665ab48da952b3c8bd3dc49cd0dee30b04208e7f97085ae74e332499f307700353de298331a19

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9

    • Size

      520KB

    • MD5

      d683b4b96582e58a06ddc15284ea35c8

    • SHA1

      2a9902159d8dabec02f9ee13e791fa298290fc81

    • SHA256

      8889fcdf809af0798c84c0e94bd7643a6b3d4fe40c6c99702a787617fb816cf9

    • SHA512

      a56674362d15ed66335b0a54449a658503a4346e58a066197c5665ab48da952b3c8bd3dc49cd0dee30b04208e7f97085ae74e332499f307700353de298331a19

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks