Overview

overview

10

Static

static

10

f58912ac2d...8c.exe

windows7-x64

10

f58912ac2d...8c.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f58912ac2d7c629e33dcb48787967e68d4d1ab91c628a2473150c485f88aca8c

  • Size

    756KB

  • Sample

    221021-cttjdagddm

  • MD5

    64def0c5103f9b874fb271d95fc2738d

  • SHA1

    c8a56a08ba89fc63b65aae29f16cb98298376dc3

  • SHA256

    f58912ac2d7c629e33dcb48787967e68d4d1ab91c628a2473150c485f88aca8c

  • SHA512

    adec050827c193ade0685c404fdbfde6b31a45bf66e67a6a9c293857a8c4cb818c13971731d62f27f9d5f79c4dd6658637fc000af4bab2ce90e7784d2521da28

  • SSDEEP

    12288:e9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK:kAQ6Zx9cxTmOrucTIEFSpOG

Score
10/10
darkcometevasionpersistencerattrojan

Malware Config

Targets

    • Target

      f58912ac2d7c629e33dcb48787967e68d4d1ab91c628a2473150c485f88aca8c

    • Size

      756KB

    • MD5

      64def0c5103f9b874fb271d95fc2738d

    • SHA1

      c8a56a08ba89fc63b65aae29f16cb98298376dc3

    • SHA256

      f58912ac2d7c629e33dcb48787967e68d4d1ab91c628a2473150c485f88aca8c

    • SHA512

      adec050827c193ade0685c404fdbfde6b31a45bf66e67a6a9c293857a8c4cb818c13971731d62f27f9d5f79c4dd6658637fc000af4bab2ce90e7784d2521da28

    • SSDEEP

      12288:e9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK:kAQ6Zx9cxTmOrucTIEFSpOG

    Score
    10/10
    darkcometevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks