Overview

overview

10

Static

static

ddd6405699...7b.exe

windows7_x64

10

ddd6405699...7b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddd6405699a1b9d274a9ec1ee86fd97b

  • Size

    1.1MB

  • Sample

    201026-q2l792x9fj

  • MD5

    ddd6405699a1b9d274a9ec1ee86fd97b

  • SHA1

    167499450b5b204eb319792c9a5cea7fdf83e858

  • SHA256

    86f3d464496271328b6bf4c63c0feeec0f5381d11cec24d2f753cf07f2e4cb96

  • SHA512

    3da3574fca2f9ecf3e73479235b3a6bb2d3fdf3695b75583e4528b5efbf87546eeed4c408ee31e849294bc1fe48cc1a97e50638f6b2d27fe161ac31d2e50d6e7

Score
10/10
darkcometdarkpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Dark

C2

uchedack.no-ip.org:6666

Mutex

DC_MUTEX-15LJ0H8

Attributes
  • gencode

    cnD6zzq2qYhm

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      ddd6405699a1b9d274a9ec1ee86fd97b

    • Size

      1.1MB

    • MD5

      ddd6405699a1b9d274a9ec1ee86fd97b

    • SHA1

      167499450b5b204eb319792c9a5cea7fdf83e858

    • SHA256

      86f3d464496271328b6bf4c63c0feeec0f5381d11cec24d2f753cf07f2e4cb96

    • SHA512

      3da3574fca2f9ecf3e73479235b3a6bb2d3fdf3695b75583e4528b5efbf87546eeed4c408ee31e849294bc1fe48cc1a97e50638f6b2d27fe161ac31d2e50d6e7

    Score
    10/10
    darkcometdarkpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks