Overview

overview

10

Static

static

74556POZ_pdf.exe

windows7_x64

10

74556POZ_pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74556POZ_pdf.exe

  • Size

    749KB

  • Sample

    200815-3lwphsfm1j

  • MD5

    8c783ee344384ce8f3282675e961c3c0

  • SHA1

    eb699861cb2ec0fdc2fb736c6f4eba93133f2100

  • SHA256

    bbc8f1873aefb2518b9675fdda8446a2ba7dc159bab9bfd08b40e19b654ea8bb

  • SHA512

    ed6ab8e3d8cc3a6cbbadd944d59f8112d9bb4fba2c73d9d476be4e2a9ab929e4836626e113efb72d184b275ea5c8653494fe6e8834571f0bd89f24b83d913aec

Score
10/10
darkcometgood newsrattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Good News

C2

boki.zapto.org:1905

Mutex

DCMIN_MUTEX-ZAT3FJZ

Attributes
  • gencode

    BrxJcaQU7jzd

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      74556POZ_pdf.exe

    • Size

      749KB

    • MD5

      8c783ee344384ce8f3282675e961c3c0

    • SHA1

      eb699861cb2ec0fdc2fb736c6f4eba93133f2100

    • SHA256

      bbc8f1873aefb2518b9675fdda8446a2ba7dc159bab9bfd08b40e19b654ea8bb

    • SHA512

      ed6ab8e3d8cc3a6cbbadd944d59f8112d9bb4fba2c73d9d476be4e2a9ab929e4836626e113efb72d184b275ea5c8653494fe6e8834571f0bd89f24b83d913aec

    Score
    10/10
    darkcometgood newsrattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks