Overview

overview

10

Static

static

3a33bcbef5...5d.exe

windows7_x64

10

3a33bcbef5...5d.exe

windows10_x64

10

Analysis

  • max time kernel
    4s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-11-2020 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a33bcbef59011becd7de5bcc3f0cea7bd19ad899c536ea483aa22ca081a135d.exe

  • Size

    1.5MB

  • MD5

    a8d87f85abebd106b6c3fc3a340931c5

  • SHA1

    b35b4b1c4a9c4729f021a1c7fbdeb1909eb5d84d

  • SHA256

    3a33bcbef59011becd7de5bcc3f0cea7bd19ad899c536ea483aa22ca081a135d

  • SHA512

    7d3b846b3481f31072c198e90c80f8957a4dd67834a125da12e21198bc58823e0da5e5114404c783bd7cae642ee31c187571fa1a1c337633219a91d249aade01

Score
10/10
darkcometrunescaperattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Runescape

C2

mrsnickers03.no-ip.biz:340

Mutex

DC_MUTEX-6ZFK11A

Attributes
  • gencode

    uNwew4gojxtu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a33bcbef59011becd7de5bcc3f0cea7bd19ad899c536ea483aa22ca081a135d.exe
    "C:\Users\Admin\AppData\Local\Temp\3a33bcbef59011becd7de5bcc3f0cea7bd19ad899c536ea483aa22ca081a135d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1768
    • C:\Users\Admin\AppData\Local\Temp\3a33bcbef59011becd7de5bcc3f0cea7bd19ad899c536ea483aa22ca081a135d.exe
      "C:\Users\Admin\AppData\Local\Temp\3a33bcbef59011becd7de5bcc3f0cea7bd19ad899c536ea483aa22ca081a135d.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEWOK.bat
    MD5

    92353035f01403e26aa2ff51c3963238

    SHA1

    d13f167c73bfce23a2deab8ce7c4ce9f78759ff4

    SHA256

    2e72a8542f8f809bfb1e4adfb481c7c5e6dc00dda7970c74692ba8d83ea0a870

    SHA512

    74560e33477caae3c7bc13914e4ae3c6911bbcfe257b2833155c236a158db0aca17478beb9d97f648ff1ea566005260f511361771c74203195107f4e82cce7df

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • \Users\Admin\AppData\Roaming\IDM\ichader.exe
    MD5

    969ead2aca1fd7fe5736a6f08a005c71

    SHA1

    5ac816806e6025a392f738f9f45dea1b20a81619

    SHA256

    5cc5215dd0b19fd10e61abc1c9036c9e10dbb7335f608fc12a471f1562427f73

    SHA512

    662315956b2cb3ebfe454bbca24498a5057848596ee816bd4e6ce432f42b8e75618354b62318deaf7bd102ecca01a6987b10c91332d26bdb40d875bf783650a0

    Download Submit
  • memory/644-9-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-23-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-18-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-17-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-16-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-13-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-12-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-11-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-10-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-6-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-8-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-5-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-4-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-3-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-2-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-7-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-26-0x0000000000718000-0x0000000000719000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-30-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-19-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-29-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-28-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-27-0x0000000000718000-0x0000000000719000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-25-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-24-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-22-0x0000000000716000-0x0000000000717000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-78-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-70-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-83-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-82-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-51-0x0000000000000000-mapping.dmp
    Download
  • memory/816-81-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-80-0x0000000000748000-0x0000000000749000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-79-0x0000000000748000-0x0000000000749000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-55-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-56-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-57-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-58-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-59-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-60-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-61-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-62-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-63-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-64-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-65-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-66-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-69-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-76-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-71-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-72-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-75-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/816-77-0x0000000000746000-0x0000000000747000-memory.dmp
    Filesize

    4KB

    Download
  • memory/828-84-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/828-86-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/828-85-0x000000000040B000-mapping.dmp
    Download
  • memory/888-43-0x0000000000000000-mapping.dmp
    Download
  • memory/900-40-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/900-39-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/900-37-0x00000000004085D0-mapping.dmp
    Download
  • memory/900-35-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1032-45-0x0000000000000000-mapping.dmp
    Download
  • memory/1596-90-0x00000000004085D0-mapping.dmp
    Download
  • memory/1768-34-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1768-32-0x000000000040B000-mapping.dmp
    Download
  • memory/1768-33-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1768-31-0x0000000000400000-0x000000000040C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1960-97-0x00000000004B5210-mapping.dmp
    Download
  • memory/1960-96-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1960-101-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/1960-102-0x0000000000400000-0x00000000004B7000-memory.dmp
    Filesize

    732KB

    Download