Overview

overview

10

Static

static

4af88f5467...96.exe

windows7_x64

3

4af88f5467...96.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4af88f5467e746369b32d26fbd469e25c3867b138d9ac3126c6874f642590596

  • Size

    917KB

  • Sample

    201109-1xtwzn6lmn

  • MD5

    172580d9a126a781cc2aa5cc8a22ad21

  • SHA1

    577bb13437762cd8a1b58991e352043d32f83dc5

  • SHA256

    4af88f5467e746369b32d26fbd469e25c3867b138d9ac3126c6874f642590596

  • SHA512

    f00c3900e9938c438981f5ae47dc9623fb0088b41f8353f3572e2da3f5c4d7d7eb074a0cd7d0e3c6b9c4c1185b6205c54fd9ffedc2219db202ea44f38f922bcf

Score
10/10
darkcometmay20rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

May20

C2

boki.zapto.org:1905

Mutex

DCMIN_MUTEX-6VJYRTE

Attributes
  • gencode

    WjEU51BQp8qK

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      4af88f5467e746369b32d26fbd469e25c3867b138d9ac3126c6874f642590596

    • Size

      917KB

    • MD5

      172580d9a126a781cc2aa5cc8a22ad21

    • SHA1

      577bb13437762cd8a1b58991e352043d32f83dc5

    • SHA256

      4af88f5467e746369b32d26fbd469e25c3867b138d9ac3126c6874f642590596

    • SHA512

      f00c3900e9938c438981f5ae47dc9623fb0088b41f8353f3572e2da3f5c4d7d7eb074a0cd7d0e3c6b9c4c1185b6205c54fd9ffedc2219db202ea44f38f922bcf

    Score
    10/10
    darkcometmay20rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks