Overview

overview

10

Static

static

95ff318277...47.exe

windows7_x64

8

95ff318277...47.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95ff3182772b0f1a6c2d540ef848642380ec2398a8db942f95c42f233d345a47

  • Size

    1.5MB

  • Sample

    200629-rdbj2kzbes

  • MD5

    21c07ee9d5fcfebee8eae61710b0c56e

  • SHA1

    a72b64678a7b9ea56b5952bba5478ce4b99fa087

  • SHA256

    95ff3182772b0f1a6c2d540ef848642380ec2398a8db942f95c42f233d345a47

  • SHA512

    86ef1dc8774e8c9c1152436cc9d946740ff1d3f020b4739af082254ecfec47a9f823fba4856186f1b8f650db94ac4f246464ecc7e6d36f50f26c971b2a500903

Score
10/10
darkcometrunescapepersistencerattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Runescape

C2

mrsnickers03.no-ip.biz:340

Mutex

DC_MUTEX-6ZFK11A

Attributes
  • gencode

    uNwew4gojxtu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      95ff3182772b0f1a6c2d540ef848642380ec2398a8db942f95c42f233d345a47

    • Size

      1.5MB

    • MD5

      21c07ee9d5fcfebee8eae61710b0c56e

    • SHA1

      a72b64678a7b9ea56b5952bba5478ce4b99fa087

    • SHA256

      95ff3182772b0f1a6c2d540ef848642380ec2398a8db942f95c42f233d345a47

    • SHA512

      86ef1dc8774e8c9c1152436cc9d946740ff1d3f020b4739af082254ecfec47a9f823fba4856186f1b8f650db94ac4f246464ecc7e6d36f50f26c971b2a500903

    Score
    10/10
    upxdarkcometrunescapepersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks