General

  • Target

    24ffc54781f9737d530037e3ad2239c4823955dc00ce8e67b2c29195b7c972c1N

  • Size

    3.8MB

  • Sample

    241107-yj431sxgqk

  • MD5

    e5fc9720f9fa2b5b22c86e2ca5b672f0

  • SHA1

    01b06521fd81f34084865f9ad0f71df1288f7f91

  • SHA256

    24ffc54781f9737d530037e3ad2239c4823955dc00ce8e67b2c29195b7c972c1

  • SHA512

    bf6c70f41289b381d9846f74a72b9daf7ca4bb4e5c21cd6fdc2cee9fd9a277a550bf66a7b705b519725129d905e3bcd9bc6b2d52ff6265075c614cdcdb3806cd

  • SSDEEP

    98304:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSiSLCQrdGLcjFjj/eWKS5h7EleIljztU/qk:3i4hTLOMtHDMlANqnfVGPyhcMYg4lSi6

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (running or not running depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks