Overview

overview

10

Static

static

2b7f453346...97.exe

windows7-x64

10

2b7f453346...97.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2b7f4533469e3d0d34b32039a9b3392071608647838aa55600983fdc950eab97

  • Size

    329KB

  • Sample

    221020-bg9t6agbeq

  • MD5

    91f0fb31d831b9eb232a1725b756d1e7

  • SHA1

    e7404cd93a23d4615c204b67f00ae92af37bf210

  • SHA256

    2b7f4533469e3d0d34b32039a9b3392071608647838aa55600983fdc950eab97

  • SHA512

    882992a93d71e36914baa6920b4dbc7608db564857fc37b66a062c2356cfe33c4816df46f67dbb13abf193b2a3e88a33cfc731ecc5405171328212f1846a58d6

  • SSDEEP

    6144:PLyNTT1fI4FwaLdZk38NkrO80+GrF9H3EzuWTxapkaRTiq9aH:PLyF1Qws7glF9qa2aRTiua

Score
10/10
darkcometevasionpersistencerattrojan

Malware Config

Targets

    • Target

      2b7f4533469e3d0d34b32039a9b3392071608647838aa55600983fdc950eab97

    • Size

      329KB

    • MD5

      91f0fb31d831b9eb232a1725b756d1e7

    • SHA1

      e7404cd93a23d4615c204b67f00ae92af37bf210

    • SHA256

      2b7f4533469e3d0d34b32039a9b3392071608647838aa55600983fdc950eab97

    • SHA512

      882992a93d71e36914baa6920b4dbc7608db564857fc37b66a062c2356cfe33c4816df46f67dbb13abf193b2a3e88a33cfc731ecc5405171328212f1846a58d6

    • SSDEEP

      6144:PLyNTT1fI4FwaLdZk38NkrO80+GrF9H3EzuWTxapkaRTiq9aH:PLyF1Qws7glF9qa2aRTiua

    Score
    10/10
    darkcometevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks