Overview

overview

10

Static

static

d2bbd75bfc...90.exe

windows7_x64

10

d2bbd75bfc...90.exe

windows10_x64

10

Analysis

  • max time kernel
    5s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-11-2020 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2bbd75bfc9a75f864ffcae530f8a791cd24a06208765190ae674a6038c05590.exe

  • Size

    1.5MB

  • MD5

    2060cf6432b646182580e06af0a94b86

  • SHA1

    971ae2293c426fbd7ed0808e7ba5de2c2f461cde

  • SHA256

    d2bbd75bfc9a75f864ffcae530f8a791cd24a06208765190ae674a6038c05590

  • SHA512

    d063087f676452574a6e9e989fc8227fe8ec1ddac3da991802e16fb730b5fae174b92be04aba9a92d56ffb1449093097570a9d451a8c105bfd4360b9b89372a8

Score
10/10
darkcometrunescaperattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Runescape

C2

mrsnickers03.no-ip.biz:340

Mutex

DC_MUTEX-6ZFK11A

Attributes
  • gencode

    uNwew4gojxtu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2bbd75bfc9a75f864ffcae530f8a791cd24a06208765190ae674a6038c05590.exe
    "C:\Users\Admin\AppData\Local\Temp\d2bbd75bfc9a75f864ffcae530f8a791cd24a06208765190ae674a6038c05590.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1392
    • C:\Users\Admin\AppData\Local\Temp\d2bbd75bfc9a75f864ffcae530f8a791cd24a06208765190ae674a6038c05590.exe
      "C:\Users\Admin\AppData\Local\Temp\d2bbd75bfc9a75f864ffcae530f8a791cd24a06208765190ae674a6038c05590.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\OTFCH.bat
    MD5

    92353035f01403e26aa2ff51c3963238

    SHA1

    d13f167c73bfce23a2deab8ce7c4ce9f78759ff4

    SHA256

    2e72a8542f8f809bfb1e4adfb481c7c5e6dc00dda7970c74692ba8d83ea0a870

    SHA512

    74560e33477caae3c7bc13914e4ae3c6911bbcfe257b2833155c236a158db0aca17478beb9d97f648ff1ea566005260f511361771c74203195107f4e82cce7df

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    089ffc0aadab2a0752c4788126613e4e

    SHA1

    52edda16823e9c0163a78d57a47c11a541804289

    SHA256

    b3b76a6ff6c2cbde3741d3f88068b3d3d8f554a1d134adeed120089923936adf

    SHA512

    1da3a6d91bbf23b6172442d1d3fcb3187b023870ebe639b220e39c846a4233160acc4f360ab76e3303df1b60095e614023e4bc4ebae331606020043022b79c45

    Download Submit
  • memory/756-43-0x0000000000000000-mapping.dmp
    Download
  • memory/992-45-0x0000000000000000-mapping.dmp
    Download
  • memory/1096-24-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-7-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-17-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-19-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-22-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-23-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-25-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-2-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-27-0x00000000006D8000-0x00000000006D9000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-26-0x00000000006D8000-0x00000000006D9000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-30-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-29-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-28-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-5-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-3-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-18-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-4-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-6-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-9-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-10-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-8-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-16-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-13-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-12-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1096-11-0x00000000006D6000-0x00000000006D7000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1392-34-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1392-31-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1392-32-0x000000000040B000-mapping.dmp
    Download
  • memory/1392-33-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1564-39-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1564-37-0x00000000004085D0-mapping.dmp
    Download
  • memory/1564-35-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1564-40-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1640-84-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1640-85-0x000000000040B000-mapping.dmp
    Download
  • memory/1640-86-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1764-101-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1764-96-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1764-97-0x00000000004B5210-mapping.dmp
    Download
  • memory/1764-102-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1896-59-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-82-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-65-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-70-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-69-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-71-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-72-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-75-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-76-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-77-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-78-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-79-0x0000000000678000-0x0000000000679000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-80-0x0000000000678000-0x0000000000679000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-66-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-83-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-81-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-64-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-62-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-63-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-61-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-51-0x0000000000000000-mapping.dmp
    Download
  • memory/1896-56-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-60-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-58-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-57-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1896-55-0x0000000000676000-0x0000000000677000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1980-90-0x00000000004085D0-mapping.dmp
    Download