Overview

overview

10

Static

static

10

a29f78f397...c2.exe

windows7-x64

10

a29f78f397...c2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a29f78f397bcc25d69b459eac6afc93cbc61429a5a33ad07f12e3081f45e4ec2

  • Size

    635KB

  • Sample

    221205-zxx3asah4y

  • MD5

    d399b7212c9db5e043140682be4f6f4b

  • SHA1

    a800e83a7c4e4521d09a942d671dc265e91226a7

  • SHA256

    a29f78f397bcc25d69b459eac6afc93cbc61429a5a33ad07f12e3081f45e4ec2

  • SHA512

    3483f9b198b3e2207e98d34aad4431892d687aa153ae69860ff480f08fd7c393e85ad52a31c284262a853343aa0605fa1d317290f331d4ef21675a9c6430ac1d

  • SSDEEP

    12288:npwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/Z:pwAcu99lPzvxP+Bsz2XjWTRMQckkIXnx

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      a29f78f397bcc25d69b459eac6afc93cbc61429a5a33ad07f12e3081f45e4ec2

    • Size

      635KB

    • MD5

      d399b7212c9db5e043140682be4f6f4b

    • SHA1

      a800e83a7c4e4521d09a942d671dc265e91226a7

    • SHA256

      a29f78f397bcc25d69b459eac6afc93cbc61429a5a33ad07f12e3081f45e4ec2

    • SHA512

      3483f9b198b3e2207e98d34aad4431892d687aa153ae69860ff480f08fd7c393e85ad52a31c284262a853343aa0605fa1d317290f331d4ef21675a9c6430ac1d

    • SSDEEP

      12288:npwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/Z:pwAcu99lPzvxP+Bsz2XjWTRMQckkIXnx

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks