General

  • Target

    75c8a77f157742e25d97e38062bcb197f71eefde6ede1810425c75c98c109f43

  • Size

    559KB

  • Sample

    241123-3y297atjgz

  • MD5

    d9172f489ae0ac865f9d47f905cdf73d

  • SHA1

    1854943a843d33266578839708a18bf9b15a92a8

  • SHA256

    75c8a77f157742e25d97e38062bcb197f71eefde6ede1810425c75c98c109f43

  • SHA512

    2e44c359418e8368c3771d2d0803d3b0a54606cedef633f23a2965121276759ac5edcdba1b21f598b04c2ca3ab1243d1b7fff30e27f516c8e61e095643f15f2a

  • SSDEEP

    12288:x+xOrozCCYaCphtIYJb6lzOqPpFOblme0pLLsbii9cWDeO7HtoNmKzoSb:COEzCFaCpAYJbwzOqPUlvOsmi9c8SlZ
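
To reproduce the hash block above and the UPX section-name check reported further down, here is an added Python example (not code from the sandbox or from the sample): it computes MD5/SHA1/SHA256/SHA512 of a file, walks the PE headers to list section names, and flags UPX-style packing. SSDEEP is left out because it needs the separate ssdeep/ppdeep package. The `build_fake_pe` helper is a constructed, non-executable PE skeleton used only so the script runs offline; it is not the 559KB sample.

```python
"""Static triage helpers: reproduce the hash block of a sandbox report and the
UPX section-name check. Added example for this page, not sandbox code."""
import hashlib
import struct

HASH_ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Return the digests the report's General block lists (SSDEEP needs the
    separate ssdeep/ppdeep package and is deliberately not computed here)."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGORITHMS}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError on anything that is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (size_of_optional,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + size_of_optional      # 4 signature + 20 COFF bytes
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]   # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker in its packed
    header; modified builds often rename sections, so check both."""
    by_section = any(n.upper().startswith("UPX") for n in pe_section_names(data))
    return by_section or b"UPX!" in data


def build_fake_pe(section_names=(b"UPX0", b"UPX1", b".rsrc")) -> bytes:
    """Constructed stand-in: a minimal, non-executable PE32 skeleton carrying the
    given section names. It is NOT the 559KB sample this report describes."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    size_of_optional = 224                      # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_of_optional, 0x102)
    optional = struct.pack("<H", 0x10B).ljust(size_of_optional, b"\x00")
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + optional + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe()
    for algo, digest in file_hashes(blob).items():
        print(f"{algo:7} {digest}")
    print("sections:", pe_section_names(blob))
    print("upx-like:", looks_upx_packed(blob))
```

Run it with the sample's path as the first argument to compare the digests against the General block; with no argument it runs on the constructed skeleton. A packer that renames UPX0/UPX1 and strips the "UPX!" marker will not be caught by this check, which is exactly why sandbox signatures for "modified UPX" also look at entropy and the unpacking stub.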

Malware Config

Targets

    • Target

      75c8a77f157742e25d97e38062bcb197f71eefde6ede1810425c75c98c109f43

    • Size

      559KB

    • MD5

      d9172f489ae0ac865f9d47f905cdf73d

    • SHA1

      1854943a843d33266578839708a18bf9b15a92a8

    • SHA256

      75c8a77f157742e25d97e38062bcb197f71eefde6ede1810425c75c98c109f43

    • SHA512

      2e44c359418e8368c3771d2d0803d3b0a54606cedef633f23a2965121276759ac5edcdba1b21f598b04c2ca3ab1243d1b7fff30e27f516c8e61e095643f15f2a

    • SSDEEP

      12288:x+xOrozCCYaCphtIYJb6lzOqPpFOblme0pLLsbii9cWDeO7HtoNmKzoSb:COEzCFaCpAYJbwzOqPUlvOsmi9c8SlZ

    • Darkcomet

      DarkComet is a remote access trojan (RAT) written by Jean-Pierre Lesueur (DarkCoderSc). Its author discontinued development in 2012, but leaked builders remain in circulation, so a DarkComet match is still a common sight in sandbox reports.

    • Darkcomet family

    • Checks BIOS information in registry

      Reads the SMBIOS strings that Windows mirrors under HKLM\HARDWARE\DESCRIPTION\System\BIOS (SystemManufacturer, SystemProductName, BIOSVendor and similar). Malware commonly compares these against hypervisor names such as VMware, VirtualBox or QEMU to detect a sandbox and alter its behaviour.

    • Checks computer location settings

      Looks up the country configured in the registry (the GeoID stored in HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to, or away from, particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence through a Run registry key, so the application is launched again at logon.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is typically the final step of process hollowing (create a process suspended, overwrite its image, redirect the thread's entry point, resume).

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of it (UPX is an open-source packer). The check usually keys on the UPX0/UPX1 section names or the "UPX!" header marker; modified builds often rename both, so a negative result is inconclusive.
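
The two registry signatures above ("Checks BIOS information in registry" and "Checks computer location settings") describe checks that an analyst can replay against a detonation VM to see what it would expose. The following is an added Python example written for this page, not code recovered from the sample: it reads the BIOS strings and the Geo\Nation GeoID (live via winreg on Windows, otherwise from a constructed snapshot labelled as such) and reports which values would give away the sandbox. The hypervisor marker list and the blocked GeoID set are assumptions for illustration; the page does not say which strings or countries this sample actually tests.

```python
"""Sandbox-fingerprint and geofence checks mirroring the two registry
signatures in the report. Added example for this page, not the sample's code."""
import sys

# Values under HKLM\HARDWARE\DESCRIPTION\System\BIOS that hypervisors populate
# with recognisable strings (SMBIOS data mirrored by Windows at boot).
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor",
               "BIOSVersion", "BaseBoardManufacturer", "BaseBoardProduct")
# HKCU\Control Panel\International\Geo\Nation holds the configured GeoID.
GEO_KEY = r"Control Panel\International\Geo"

# Substrings malware commonly greps the BIOS strings for (assumed list).
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs",
              "xen", "kvm", "hyper-v", "virtual machine")


def vm_indicators(bios_values: dict) -> list:
    """Return (value_name, marker) for every BIOS string that names a hypervisor."""
    hits = []
    for name, value in bios_values.items():
        low = str(value).lower()
        for marker in VM_MARKERS:
            if marker in low:
                hits.append((name, marker))
                break          # one hit per value is enough
    return hits


def geofence_blocks(geo_values: dict, blocked_geoids: set) -> bool:
    """True when the configured Nation GeoID is on the block list. The GeoIDs
    used in this script are an assumption, not values from this sample."""
    return str(geo_values.get("Nation", "")).strip() in blocked_geoids


def read_live_registry() -> dict:
    """Read the real keys on Windows; winreg does not exist elsewhere."""
    import winreg  # only present on Windows
    snap = {"bios": {}, "geo": {}}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            try:
                snap["bios"][name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass           # value absent on this machine
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, GEO_KEY) as key:
        snap["geo"]["Nation"] = winreg.QueryValueEx(key, "Nation")[0]
    return snap


def constructed_snapshot() -> dict:
    """Constructed registry values typical of an un-hardened VMware guest with
    a US locale (GeoID 244). Not data taken from this report."""
    return {
        "bios": {"SystemManufacturer": "VMware, Inc.",
                 "SystemProductName": "VMware Virtual Platform",
                 "BIOSVendor": "Phoenix Technologies LTD",
                 "BIOSVersion": "6.00"},
        "geo": {"Nation": "244"},
    }


def assess(snapshot: dict, blocked_geoids: set) -> dict:
    """Summarise what the sample's checks would conclude on this snapshot."""
    hits = vm_indicators(snapshot["bios"])
    return {
        "vm_indicators": hits,
        "would_detect_sandbox": bool(hits),
        "geofence_would_abort": geofence_blocks(snapshot["geo"], blocked_geoids),
    }


if __name__ == "__main__":
    snap = read_live_registry() if sys.platform == "win32" else constructed_snapshot()
    # Block list is hypothetical: GeoID 203 is Russia in Windows' GeoID table.
    print(assess(snap, blocked_geoids={"203"}))
```

Every `vm_indicators` hit names a registry value that should be overwritten (or backed by spoofed SMBIOS data from the hypervisor) before detonating samples that carry this signature; `geofence_would_abort` shows why a detonation with the wrong locale can end with no network activity at all.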

MITRE ATT&CK Enterprise v15

Tasks