General

  • Target

    0a7662f030946b171a47ca964dace696410fbaafcc70c3849ea70fbcd3bacdf4

  • Size

    1.5MB

  • Sample

    200629-wlm748mlt2

  • MD5

    644fb62f1d5ea374affb23f47b0ab4ca

  • SHA1

    a9bbeb0793282db2f74f19a271415479146be3b9

  • SHA256

    0a7662f030946b171a47ca964dace696410fbaafcc70c3849ea70fbcd3bacdf4

  • SHA512

    7cf494dfd1456ef29ddfee4c5aa2074aab092c4cbb06145e0bf27c64852344b9ee79488726b2e517035cfa18b546d82048c156bc4722e017fb7175eaedbde868

Malware Config

Extracted

Family

darkcomet

Botnet

Runescape

C2

mrsnickers03.no-ip.biz:340

Mutex

DC_MUTEX-6ZFK11A

Attributes

  • gencode

    uNwew4gojxtu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      0a7662f030946b171a47ca964dace696410fbaafcc70c3849ea70fbcd3bacdf4

    • Size

      1.5MB

    • MD5

      644fb62f1d5ea374affb23f47b0ab4ca

    • SHA1

      a9bbeb0793282db2f74f19a271415479146be3b9

    • SHA256

      0a7662f030946b171a47ca964dace696410fbaafcc70c3849ea70fbcd3bacdf4

    • SHA512

      7cf494dfd1456ef29ddfee4c5aa2074aab092c4cbb06145e0bf27c64852344b9ee79488726b2e517035cfa18b546d82048c156bc4722e017fb7175eaedbde868

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks