Overview

overview

10

Static

static

03e6b99846...ca.exe

windows7_x64

10

03e6b99846...ca.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca

  • Size

    1.5MB

  • Sample

    200624-5ejg1spxre

  • MD5

    919e727137404624d1f88c477747aa85

  • SHA1

    5136eab99b1c750ad54cff142cb960ec749e7385

  • SHA256

    03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca

  • SHA512

    1511b57c9e194444ad4e32c1b34f4df00e9bdadab9953d2f93722ebc7906ec56910b309760b83a683df40a90d82ee12955d0826d95da0bf2207a0fd930330c71

Score
10/10
darkcometguest16evasionpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

fut123.no-ip.biz:6968

Mutex

DC_MUTEX-QDT8201

Attributes
  • gencode

    pQP26nCFHbNE

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca

    • Size

      1.5MB

    • MD5

      919e727137404624d1f88c477747aa85

    • SHA1

      5136eab99b1c750ad54cff142cb960ec749e7385

    • SHA256

      03e6b99846c4ab6a841fa7aa135d2e7230a98957c1595e2ee0bc2b14329871ca

    • SHA512

      1511b57c9e194444ad4e32c1b34f4df00e9bdadab9953d2f93722ebc7906ec56910b309760b83a683df40a90d82ee12955d0826d95da0bf2207a0fd930330c71

    Score
    10/10
    darkcometguest16evasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

1
T1158

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks