General

  • Target: 1a1d6a65b9c62de344f0fe0a7f9181fe0d7149b875c150c736111f266aeb081b
  • Size: 1.2MB
  • Sample: 221003-sg9b3acba9
  • MD5: 6039cca1ef69e0ff8fdf456c94f29d08
  • SHA1: 34ee8fb2e2a003747fe24caf5d4e8180191f8eb2
  • SHA256: 1a1d6a65b9c62de344f0fe0a7f9181fe0d7149b875c150c736111f266aeb081b
  • SHA512: 134b26de80aeddd8d42c001cf788d95607a9e458cae41387341c32f54210992a7c0191b41257fa979b96828ad6d6e66dc434d45c322e056e2eb5f911bc752b34
  • SSDEEP: 12288:AcLv1InsYm0oOyHhzADAZ4rSHwaSHG+qOTFHOHuV24MKS8Zc/melNhDVUODyAk1+:bhlAzF6mePySTozcdiWz18b+

Malware Config

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Executes dropped EXE
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks