General

  • Target

    cc619dc3b71bf6ddf8ab304990a4215b

  • Size

    852KB

  • Sample

    240315-zha9zsba6z

  • MD5

    cc619dc3b71bf6ddf8ab304990a4215b

  • SHA1

    9d08d85b6594f112ff6812d667cd835ac81e305a

  • SHA256

    35b4a84324681a1000c14cf114b6f94ada34eb6c6ca38b9a4584b31e742aece3

  • SHA512

    068f6d394c0ac2c5c110209dfb2aba0051536aee3dddc41b7b867cc7b5a69e3cb5b697189ab8b00485969cd396295f4b0fc55347ce6c3f457397d8855850b4ee

  • SSDEEP

    24576:bp/YH7l3kAWXz+EQ9Gak77eZpwQ1EaDSTd:147lkD7iGaWSZId

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Changes Winlogon registry values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Userinit or Shell) so the payload is launched at every interactive logon.

    • Checks BIOS information in registry

      BIOS strings stored in the registry (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) usually carry the hypervisor vendor name, so malware reads them to detect a virtual machine or sandbox before running its payload.

    • Checks computer location settings

      Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely as a geofence so the payload runs only in, or avoids, particular regions.

    • Executes dropped EXE

    • Adds Run key to start application

      Registers the payload under a CurrentVersion\Run key so it is started at logon; a second persistence mechanism alongside the Winlogon change.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is how injected code is started in process hollowing and similar injection techniques.
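The signatures above all leave registry artifacts. The following PowerShell triage script is an added example for this page, not code from the sandbox report or from DarkComet: run from an elevated prompt on a suspect host, it checks the Winlogon values, lists Run-key entries, reports any hypervisor marker visible in the BIOS values the sample reads, and shows the country code behind the geofence check. The expected Userinit and Shell values, the VM marker list and the Run-key path filter are assumptions for a stock Windows install; adjust them for your environment.

```powershell
# Added triage example (not part of the sandbox report or of DarkComet).
# Run as a script from an elevated PowerShell prompt on a live Windows host.

$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$biosKeys = @(
    'HKLM:\HARDWARE\DESCRIPTION\System',        # SystemBiosVersion, VideoBiosVersion
    'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'    # SystemManufacturer, SystemProductName
)
$geoKey = 'HKCU:\Control Panel\International\Geo'

# Assumption: stock values on a default install. Anything else is a persistence candidate.
$expectedWinlogon = @{
    'Userinit' = 'C:\Windows\system32\userinit.exe,'
    'Shell'    = 'explorer.exe'
}

# Assumption: hypervisor vendor strings commonly present in VM/sandbox BIOS values.
$vmMarkers = 'VMware', 'VirtualBox', 'VBOX', 'QEMU', 'Xen', 'Hyper-V', 'Parallels', 'BOCHS'

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Signature, [string]$Location, [string]$Value) {
    $script:findings.Add([pscustomobject]@{
        Signature = $Signature; Location = $Location; Value = $Value
    })
}

# 1. Winlogon persistence: Userinit / Shell deviating from the stock values
$wl = Get-ItemProperty -Path $winlogonKey
foreach ($name in $expectedWinlogon.Keys) {
    $current = [string]$wl.$name
    if ($current -and ($current.Trim() -ine $expectedWinlogon[$name])) {
        Add-Finding 'Modifies WinLogon for persistence' "$winlogonKey\$name" $current
    }
}

# 2. Run keys: flag entries that do not point into Program Files or Windows
#    (assumption: a crude noise filter; review everything flagged by hand)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $cmd = [string]$p.Value
        if ($cmd -and ($cmd -notmatch '(?i)\\(Program Files( \(x86\))?|Windows)\\')) {
            Add-Finding 'Adds Run key to start application' "$key\$($p.Name)" $cmd
        }
    }
}

# 3. BIOS values the sample reads for sandbox detection: report whether a
#    hypervisor marker is visible, i.e. what the sample itself would have seen
foreach ($key in $biosKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        # REG_MULTI_SZ values arrive as string arrays; flatten them for matching
        $text = ($p.Value | ForEach-Object { [string]$_ }) -join ' '
        foreach ($m in $vmMarkers) {
            if ($text -match [regex]::Escape($m)) {
                Add-Finding 'Checks BIOS information in registry' "$key\$($p.Name)" $text
                break
            }
        }
    }
}

# 4. Country code behind the geofence check (a GEOID string, e.g. 244 = United States)
if (Test-Path $geoKey) {
    $nation = (Get-ItemProperty -Path $geoKey).Nation
    Add-Finding 'Checks computer location settings' "$geoKey\Nation" ([string]$nation)
}

$findings | Format-Table -AutoSize -Wrap
```

The BIOS and location checks are reported rather than judged: a hypervisor marker tells you the sample would have recognised your analysis box, which explains a run that shows little activity, and the Nation value tells you which region the sample believed it was in when it decided whether to continue.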

MITRE ATT&CK Enterprise v15