Overview

overview

10

Static

static

3

319c99ea11...ac.exe

windows7-x64

10

319c99ea11...ac.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    319c99ea11a78646cf7780a99d59b6ac

  • Size

    293KB

  • Sample

    231225-v8vn4afcdj

  • MD5

    319c99ea11a78646cf7780a99d59b6ac

  • SHA1

    412518aa4163e7f7be19634eb94c5627da4a4439

  • SHA256

    58c0ab5cc3b99f8c6eb449d33bfd260dcc6062c22cbc8c58bb421451366f9087

  • SHA512

    4e4b293605170f9decdbfd21025992f5710ac814e1e97dd949790cd4df8eab22bd701901d5a8e68b1269efcc0b13c81ef881353f9de181eb51eaa3e79e60bb7f

  • SSDEEP

    6144:q/IH94JU2oBpdmTQltenTX0BngHJurswYE9JMWZk:qwiuX3n/enr0Bnggr79iW6

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      319c99ea11a78646cf7780a99d59b6ac

    • Size

      293KB

    • MD5

      319c99ea11a78646cf7780a99d59b6ac

    • SHA1

      412518aa4163e7f7be19634eb94c5627da4a4439

    • SHA256

      58c0ab5cc3b99f8c6eb449d33bfd260dcc6062c22cbc8c58bb421451366f9087

    • SHA512

      4e4b293605170f9decdbfd21025992f5710ac814e1e97dd949790cd4df8eab22bd701901d5a8e68b1269efcc0b13c81ef881353f9de181eb51eaa3e79e60bb7f

    • SSDEEP

      6144:q/IH94JU2oBpdmTQltenTX0BngHJurswYE9JMWZk:qwiuX3n/enr0Bnggr79iW6

    Score
    10/10
    darkcometrattrojanupxpersistence

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks