Overview

overview

10

Static

static

10

3786d3ac3c...79.exe

windows7-x64

10

3786d3ac3c...79.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3786d3ac3ca49959c58824bc3974b9895d7cccb042d054409b08e9f0d20a3f79

  • Size

    667KB

  • Sample

    221002-hycz3sdbg2

  • MD5

    700e7169c86ec53daff688e261f9d530

  • SHA1

    294687eaea86ee9862b653f187f48d70b7dbb7b6

  • SHA256

    3786d3ac3ca49959c58824bc3974b9895d7cccb042d054409b08e9f0d20a3f79

  • SHA512

    afdf39d4ed3b95891dd8a56bc0ce64f2a89077fd83cf3afbcc67e49fa7c6180db795a3210f1616e9beb24b2938c6c0c902b2658b1915258a8760a1631acfa51d

  • SSDEEP

    12288:epwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/S4I:owAcu99lPzvxP+Bsz2XjWTRMQckkIXn2

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      3786d3ac3ca49959c58824bc3974b9895d7cccb042d054409b08e9f0d20a3f79

    • Size

      667KB

    • MD5

      700e7169c86ec53daff688e261f9d530

    • SHA1

      294687eaea86ee9862b653f187f48d70b7dbb7b6

    • SHA256

      3786d3ac3ca49959c58824bc3974b9895d7cccb042d054409b08e9f0d20a3f79

    • SHA512

      afdf39d4ed3b95891dd8a56bc0ce64f2a89077fd83cf3afbcc67e49fa7c6180db795a3210f1616e9beb24b2938c6c0c902b2658b1915258a8760a1631acfa51d

    • SSDEEP

      12288:epwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/S4I:owAcu99lPzvxP+Bsz2XjWTRMQckkIXn2

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks