General

  • Target

    d6eb57dc7e2692692f63991c45844ef0N

  • Size

    493KB

  • Sample

    240914-agxddsxcqb

  • MD5

    d6eb57dc7e2692692f63991c45844ef0

  • SHA1

    b7f9784e5a5dbce1d341cb68e938605b93853da7

  • SHA256

    8a0da16de2f72ed3b324f85c81a1569e367ea13ba14af783254a2756e011387e

  • SHA512

    863a30fbeaa50b75b085d80bc368a4a0f1899460ae33aa6810787ed3ef1f058d3b2e75c321a25caf6119a5850638b34cbacb1412d2d1cf4865b3f1d42adbdd31

  • SSDEEP

    12288:jLkEZ8207OSJK7v7Gfy6gdya7c3K1UY2y2R6/T0Iw5pu:jLkpl0Tigsr3cB8l2

Targets

    • Target

      d6eb57dc7e2692692f63991c45844ef0N

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext
