Overview

overview

10

Static

static

10

e437647987...d4.exe

windows7_x64

10

e437647987...d4.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e437647987807d34da932489603025d4

  • Size

    945KB

  • Sample

    201214-al2ggwvk5e

  • MD5

    e437647987807d34da932489603025d4

  • SHA1

    d1129315116b9c041942df9d9fa49323a416125b

  • SHA256

    550c64585f830c9ab794ad1f9e9df78ecf9b2dc8580038532e9b9033118186a1

  • SHA512

    24c4021a81cccf1b99d3795e50aee0524910735a5446ef7d8f012b16139767a4c169d51ce0473f4eb7c56380d48fb1deb6b005a63cd74f1eaade3e40a09d0676

Score
10/10
darkcometguestevasionrattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

guest

C2

127.0.0.1:1604

Mutex

DC_MUTEX-1JZLPXV

Attributes
  • gencode

    9npjPzJ7GsSo

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      e437647987807d34da932489603025d4

    • Size

      945KB

    • MD5

      e437647987807d34da932489603025d4

    • SHA1

      d1129315116b9c041942df9d9fa49323a416125b

    • SHA256

      550c64585f830c9ab794ad1f9e9df78ecf9b2dc8580038532e9b9033118186a1

    • SHA512

      24c4021a81cccf1b99d3795e50aee0524910735a5446ef7d8f012b16139767a4c169d51ce0473f4eb7c56380d48fb1deb6b005a63cd74f1eaade3e40a09d0676

    Score
    10/10
    darkcometguestevasionrattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks