Overview

overview

10

Static

static

f221abcc28...7a.exe

windows7_x64

10

f221abcc28...7a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f221abcc28479d141353cdf6963987ed217d33eea32cca67e10a68e63c1dfc7a

  • Size

    644KB

  • Sample

    210228-blr8bs15qj

  • MD5

    0d3f19a7659758718fa2f98942158f80

  • SHA1

    20bded958907454ad87040c2f9c8bbe81f1aba7f

  • SHA256

    f221abcc28479d141353cdf6963987ed217d33eea32cca67e10a68e63c1dfc7a

  • SHA512

    9e184048301ea56fd1632efcaa1aec05185b2b916b703460752a27aeff9a72d5918353a356252588c0db8736208a8116a76e98e70dd4e12135278a08c676e7b7

Score
10/10
darkcometguest16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.0.23:1604

Mutex

DC_MUTEX-DHQ9E4A

Attributes
  • gencode

    iJFVs5RVgM1t

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      f221abcc28479d141353cdf6963987ed217d33eea32cca67e10a68e63c1dfc7a

    • Size

      644KB

    • MD5

      0d3f19a7659758718fa2f98942158f80

    • SHA1

      20bded958907454ad87040c2f9c8bbe81f1aba7f

    • SHA256

      f221abcc28479d141353cdf6963987ed217d33eea32cca67e10a68e63c1dfc7a

    • SHA512

      9e184048301ea56fd1632efcaa1aec05185b2b916b703460752a27aeff9a72d5918353a356252588c0db8736208a8116a76e98e70dd4e12135278a08c676e7b7

    Score
    10/10
    darkcometguest16rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks