Overview

overview

10

Static

static

88aa6245a9...99.exe

windows7-x64

10

88aa6245a9...99.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88aa6245a9e15b446e67eb9d22ea170220a6d0144a9084ee1c77fc3690c9a299

  • Size

    649KB

  • Sample

    221202-zn9dzach85

  • MD5

    4c5193f8847787645f36907532f22113

  • SHA1

    d1bd61d41d2c1ecfac777f524d5bbab118240eb1

  • SHA256

    88aa6245a9e15b446e67eb9d22ea170220a6d0144a9084ee1c77fc3690c9a299

  • SHA512

    7a8f3a5f4ea8cc1caf7e62c3573eade025d7cbc1aaaca159883ef0fdc16f1662b65304f96e1cc0fc77c1fd93a202fd0963e4aebe40931fc7b5f2601827c7119b

  • SSDEEP

    12288:MUFDhBkCmGdLq65cogQheITMtp4kTnXlqdJrbNqGgRRMJCO10C9V6VPnehxs2ctx:MTWLzfUITM1uJiRBC9wVf6tUx

Score
10/10
darkcometrattrojan

Malware Config

Targets

    • Target

      88aa6245a9e15b446e67eb9d22ea170220a6d0144a9084ee1c77fc3690c9a299

    • Size

      649KB

    • MD5

      4c5193f8847787645f36907532f22113

    • SHA1

      d1bd61d41d2c1ecfac777f524d5bbab118240eb1

    • SHA256

      88aa6245a9e15b446e67eb9d22ea170220a6d0144a9084ee1c77fc3690c9a299

    • SHA512

      7a8f3a5f4ea8cc1caf7e62c3573eade025d7cbc1aaaca159883ef0fdc16f1662b65304f96e1cc0fc77c1fd93a202fd0963e4aebe40931fc7b5f2601827c7119b

    • SSDEEP

      12288:MUFDhBkCmGdLq65cogQheITMtp4kTnXlqdJrbNqGgRRMJCO10C9V6VPnehxs2ctx:MTWLzfUITM1uJiRBC9wVf6tUx

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks