Overview

overview

10

Static

static

10

Bu_senin_i...km.exe

windows7_x64

10

Bu_senin_i...km.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bu_senin_icin_Askm.exe

  • Size

    658KB

  • Sample

    210405-v6nht96eys

  • MD5

    acfd80a424bc1cf1505baddbd8dc310d

  • SHA1

    4c9447e55fcafc784a31ec0ac20d033af3874a2a

  • SHA256

    0345e5e50f1138a5184d72d01477c71b294c0bb671abd729116c828b73721f00

  • SHA512

    7b8c18d3e4ef2d55c7a4f0306901042c242684551b9a1c86f038f60186da062111384c17221d50fb9b89b9b596a8e4640bb05305d5c66661e766dbc5fc81a5e4

Score
10/10
darkcometefosinsrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Efosins

C2

192.168.56.1:1000

Mutex

DC_MUTEX-7WRSU55

Attributes
  • gencode

    Ea7h3k88w4Ap

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      Bu_senin_icin_Askm.exe

    • Size

      658KB

    • MD5

      acfd80a424bc1cf1505baddbd8dc310d

    • SHA1

      4c9447e55fcafc784a31ec0ac20d033af3874a2a

    • SHA256

      0345e5e50f1138a5184d72d01477c71b294c0bb671abd729116c828b73721f00

    • SHA512

      7b8c18d3e4ef2d55c7a4f0306901042c242684551b9a1c86f038f60186da062111384c17221d50fb9b89b9b596a8e4640bb05305d5c66661e766dbc5fc81a5e4

    Score
    10/10
    darkcometefosinsrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks