Overview

overview

10

Static

static

3

d3d4a5e352...9c.exe

windows7-x64

10

d3d4a5e352...9c.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d3d4a5e352ca9a305869985b29c8ae9c

  • Size

    456KB

  • Sample

    240318-snar3sbg34

  • MD5

    d3d4a5e352ca9a305869985b29c8ae9c

  • SHA1

    e6a10118e625382062ddefe47a0cdb8c29f44918

  • SHA256

    42c9607f6336c880104a8e3e0b7ae046bf3d3547a904309e825c9f9bf01621b8

  • SHA512

    5ff327bb312e4ac18fb23b641215bb3006398af7bcae9280d7743c4c5cec1542d87f046b10a1ea1fb15fc378697cda235c61a70c39a0f42d820b016796c8cfd4

  • SSDEEP

    6144:lsHE8LiVlRm/2/0aRrsqvZqYB4Vl7LXPw6YFCTHJnm7fhhmjPGy6OKGF:yNGVlRmDadv0TV9Lfw3F0pmuaq

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      d3d4a5e352ca9a305869985b29c8ae9c

    • Size

      456KB

    • MD5

      d3d4a5e352ca9a305869985b29c8ae9c

    • SHA1

      e6a10118e625382062ddefe47a0cdb8c29f44918

    • SHA256

      42c9607f6336c880104a8e3e0b7ae046bf3d3547a904309e825c9f9bf01621b8

    • SHA512

      5ff327bb312e4ac18fb23b641215bb3006398af7bcae9280d7743c4c5cec1542d87f046b10a1ea1fb15fc378697cda235c61a70c39a0f42d820b016796c8cfd4

    • SSDEEP

      6144:lsHE8LiVlRm/2/0aRrsqvZqYB4Vl7LXPw6YFCTHJnm7fhhmjPGy6OKGF:yNGVlRmDadv0TV9Lfw3F0pmuaq

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks