Overview

overview

10

Static

static

b205c54897...42.exe

windows7-x64

10

b205c54897...42.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

  • Size

    3.3MB

  • Sample

    221205-hcdz9adg24

  • MD5

    4c8104511d3397cc60a289802fef826c

  • SHA1

    beed9b44d8556122407c4e2c23300615d57a1a77

  • SHA256

    b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

  • SHA512

    6292101dce13cc1eea4038a4aa10853eef3fa37783932f45c4fb2c6da191bc0de53550568e49407208abd8645fc4e5a4ea3c56b361822771823f6507c99aa219

  • SSDEEP

    98304:3ZccpCPWe6/IL/zqLJIEsHtEgfylQ+e63gFPtmGppT:3ZccpCPK/EzqLJxoyYbP7

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

    • Size

      3.3MB

    • MD5

      4c8104511d3397cc60a289802fef826c

    • SHA1

      beed9b44d8556122407c4e2c23300615d57a1a77

    • SHA256

      b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842

    • SHA512

      6292101dce13cc1eea4038a4aa10853eef3fa37783932f45c4fb2c6da191bc0de53550568e49407208abd8645fc4e5a4ea3c56b361822771823f6507c99aa219

    • SSDEEP

      98304:3ZccpCPWe6/IL/zqLJIEsHtEgfylQ+e63gFPtmGppT:3ZccpCPK/EzqLJxoyYbP7

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks