Overview

overview

10

Static

static

10

4565983c56...8b.exe

windows7_x64

10

4565983c56...8b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4565983c56ad07456e1fedc689887813df0f0fbff3bb716e687347d53526d88b

  • Size

    658KB

  • Sample

    210228-bsr3yrgzq2

  • MD5

    1a46d4fe75e27fd9f55e2e06bf9cdaac

  • SHA1

    0733d98ea3e242015ff93f21083367e93c2f486b

  • SHA256

    4565983c56ad07456e1fedc689887813df0f0fbff3bb716e687347d53526d88b

  • SHA512

    aefc1eee00eab34386cba39c567357626b0a69bfd5f81cce8fb77cd168b2176f06e45e8d342ff4145ed1055ede37d0547252365ffb1159a851ea7bf1fdf1e807

Score
10/10
darkcometguest16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

4.tcp.ngrok.io:11187

Mutex

DC_MUTEX-2ZHKKS1

Attributes
  • gencode

    0Jo5ooH7cVw6

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      4565983c56ad07456e1fedc689887813df0f0fbff3bb716e687347d53526d88b

    • Size

      658KB

    • MD5

      1a46d4fe75e27fd9f55e2e06bf9cdaac

    • SHA1

      0733d98ea3e242015ff93f21083367e93c2f486b

    • SHA256

      4565983c56ad07456e1fedc689887813df0f0fbff3bb716e687347d53526d88b

    • SHA512

      aefc1eee00eab34386cba39c567357626b0a69bfd5f81cce8fb77cd168b2176f06e45e8d342ff4145ed1055ede37d0547252365ffb1159a851ea7bf1fdf1e807

    Score
    10/10
    darkcometguest16rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks