Overview

overview

10

Static

static

99ed455cf7...e3.exe

windows7_x64

10

99ed455cf7...e3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99ed455cf7867678bf77bdbcd8fd1c73586a78402e451c436a2036060ae1fae3

  • Size

    939KB

  • Sample

    201110-bcwf4ewhgn

  • MD5

    0e838be21a95730626f8751e6d58e1a7

  • SHA1

    c5dbfdf431daa4e76029eb91ea622a2973ebbf18

  • SHA256

    99ed455cf7867678bf77bdbcd8fd1c73586a78402e451c436a2036060ae1fae3

  • SHA512

    746c6d95bd7a1f6fe02a6ab01617017143b4675c383dafcad7ced10d4372b804f584d9e3e271921141950130b3c5208cc181d7fee6dbe1a719917202a5cf0a90

Score
10/10
darkcometguest16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

192.168.1.132:1604
Mutex

DC_MUTEX-UZ5QYPV

Attributes
  • gencode

    00JBqsRoxY0q

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      99ed455cf7867678bf77bdbcd8fd1c73586a78402e451c436a2036060ae1fae3

    • Size

      939KB

    • MD5

      0e838be21a95730626f8751e6d58e1a7

    • SHA1

      c5dbfdf431daa4e76029eb91ea622a2973ebbf18

    • SHA256

      99ed455cf7867678bf77bdbcd8fd1c73586a78402e451c436a2036060ae1fae3

    • SHA512

      746c6d95bd7a1f6fe02a6ab01617017143b4675c383dafcad7ced10d4372b804f584d9e3e271921141950130b3c5208cc181d7fee6dbe1a719917202a5cf0a90

    Score
    10/10
    darkcometguest16rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks