General

  • Target

    e2c3d8e66ea60fe9909092f330ec48a6522c0991fdca5349e4d0bb1c976143f6

  • Size

    1.1MB

  • Sample

    221204-qw6tdaha3y

  • MD5

    d9fcc74bb7aa5722fe2362e491ab01b8

  • SHA1

    88229d7385b1e0d9a36ae7bbd93be22dcf4b8a78

  • SHA256

    e2c3d8e66ea60fe9909092f330ec48a6522c0991fdca5349e4d0bb1c976143f6

  • SHA512

    a86e4ce6127bc154e82cbb6086a355f012e3b413715b51575d32ed3b5141d0cb9c8bb06c4a85b8bde7ee0555733914c585fd112a0c6da1e56101f3be0c859788

  • SSDEEP

    12288:gdg6sr/hYhKsaI4CtddddI6WHDIlXUOOuZpQxV2Y7UXdVFpcCWHwHg6iTN9Xvu4T:wSvGoFdmaqX1Dks/BO7OQcr0EPjCP6

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks