Overview

overview

10

Static

static

10

44083ccdc0...2f.exe

windows7-x64

10

44083ccdc0...2f.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    44083ccdc05f57a3b919d0e38f374f2f

  • Size

    659KB

  • Sample

    240105-v638fsgge7

  • MD5

    44083ccdc05f57a3b919d0e38f374f2f

  • SHA1

    2ed4195ff0713494a575661faf7098c77cbdf8f1

  • SHA256

    85a021577c2ae040ae90d5bf7fa0fa9e0b97060fb2a8d2dada64d32c6ff75d6d

  • SHA512

    90d05d2887067d71bd2688331f372c8506feecd3054707eeaf8254a1413c28ae50f70888be45b3ee79b3230843784b13e51631fd2d4e5d87e510679aed5f3987

  • SSDEEP

    12288:59AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK9:/AQ6Zx9cxTmOrucTIEFSpOGg

Score
10/10
darkcometevasionpersistencerattrojan

Malware Config

Targets

    • Target

      44083ccdc05f57a3b919d0e38f374f2f

    • Size

      659KB

    • MD5

      44083ccdc05f57a3b919d0e38f374f2f

    • SHA1

      2ed4195ff0713494a575661faf7098c77cbdf8f1

    • SHA256

      85a021577c2ae040ae90d5bf7fa0fa9e0b97060fb2a8d2dada64d32c6ff75d6d

    • SHA512

      90d05d2887067d71bd2688331f372c8506feecd3054707eeaf8254a1413c28ae50f70888be45b3ee79b3230843784b13e51631fd2d4e5d87e510679aed5f3987

    • SSDEEP

      12288:59AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK9:/AQ6Zx9cxTmOrucTIEFSpOGg

    Score
    10/10
    darkcometevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Modifies security service

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks