Overview

overview

10

Static

static

7

77e53bbd8b...dd.exe

windows7-x64

10

77e53bbd8b...dd.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77e53bbd8b81841a0b52c1ac1bd1d8dd

  • Size

    788KB

  • Sample

    240126-vfvtdsabg2

  • MD5

    77e53bbd8b81841a0b52c1ac1bd1d8dd

  • SHA1

    940e7b7cec428eb96ecf3c66df2f48868f5ca657

  • SHA256

    ed8657cc1b165a422cbebf77647e82dcab86e41dca8c5732caece236dca16c64

  • SHA512

    1b7c1211df817a84c688d3219f3907e92ab45166dcdc7c5daa0dc309d9dbaf12836497b46671360ae966148333c67fe0147d947fc28cf31d3b0ef23b2c315fec

  • SSDEEP

    12288:e56oNqv0GQ8MqUoZqORRenIOvLman2gNqvQAUTQ9SdVpusigXFhm9Sb9:eRovHQ8MqjEJIOT24AyQYpfiIFQUB

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      77e53bbd8b81841a0b52c1ac1bd1d8dd

    • Size

      788KB

    • MD5

      77e53bbd8b81841a0b52c1ac1bd1d8dd

    • SHA1

      940e7b7cec428eb96ecf3c66df2f48868f5ca657

    • SHA256

      ed8657cc1b165a422cbebf77647e82dcab86e41dca8c5732caece236dca16c64

    • SHA512

      1b7c1211df817a84c688d3219f3907e92ab45166dcdc7c5daa0dc309d9dbaf12836497b46671360ae966148333c67fe0147d947fc28cf31d3b0ef23b2c315fec

    • SSDEEP

      12288:e56oNqv0GQ8MqUoZqORRenIOvLman2gNqvQAUTQ9SdVpusigXFhm9Sb9:eRovHQ8MqjEJIOT24AyQYpfiIFQUB

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks