General

  • Target

    8cddadceaf4a1a4f61606e7536ec9109

  • Size

    1.1MB

  • Sample

    240203-vkhpmagddm

  • MD5

    8cddadceaf4a1a4f61606e7536ec9109

  • SHA1

    f6c8e810acb125c14e7745181819408c67d7c11b

  • SHA256

    6f2723d7bd5b9600db6afd4c400a3b19ce59c3a15caa972e034a562f3a083de1

  • SHA512

    28310b206a696deaaa1b5f7b68552bfc255a4dc7d01b188b279b7831a61e7561a6858225d028a745eb9841449c11b576f9251bdbab9dbca2dd9930b3b9d432c9

  • SSDEEP

    24576:XeswDpRmrkjVVJDhpQ0NJHWmWMlkvmVZz4n3KOKPh:XlwWopDs0lWMlBZz1

Targets

    • Target

      8cddadceaf4a1a4f61606e7536ec9109

    • DarkComet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
