General

  • Target

    a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb

  • Size

    658KB

  • Sample

    210505-p2pav7g8lx

  • MD5

    f0016753a0f7d4a77577219f32cbe1a3

  • SHA1

    8cf1834af6492053e1d52c202e2f447978d36898

  • SHA256

    a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb

  • SHA512

    285ddc39de01fb5b57ef95102cfb085847274b41a91b90de6c01dfa3f0c553f3c5968750cd9577f681eed7b18ca23530c2a186821b28468665078ad9c76f1c8a

Malware Config

Extracted

Family

darkcomet

Botnet

Junior_Sazan

C2

tcp.ngrok.io:1604

Mutex

DCMIN_MUTEX-TGBV1JW

Attributes
  • InstallPath

    DCSCMIN\IMDCSC.exe

  • gencode

    DYogjpAqTBHJ

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    Windows Defender
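
To turn the extracted config into something a responder can run, the following is an added Python example (not part of the sandbox report or of the DarkComet family itself): it embeds the hashes, C2, mutex and InstallPath listed above, digests a file with the same four algorithms and reports which report hashes it matches, parses the C2 endpoint and flags the ngrok relay, and matches mutex and path names against the report's values. The mutex suffix pattern (generalised from the single sample) and the test bytes are assumptions, not taken from the report.

```python
import hashlib
import re

# Indicators copied from the extracted config above (this sample only).
IOC_HASHES = {
    "md5": "f0016753a0f7d4a77577219f32cbe1a3",
    "sha1": "8cf1834af6492053e1d52c202e2f447978d36898",
    "sha256": "a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb",
    "sha512": ("285ddc39de01fb5b57ef95102cfb085847274b41a91b90de6c01dfa3f0c553f3"
               "c5968750cd9577f681eed7b18ca23530c2a186821b28468665078ad9c76f1c8a"),
}
C2 = "tcp.ngrok.io:1604"
MUTEX = "DCMIN_MUTEX-TGBV1JW"
INSTALL_PATH = r"DCSCMIN\IMDCSC.exe"

# DarkComet builds name their mutex DCMIN_MUTEX-<suffix>; the suffix alphabet
# here is an assumption generalised from this one sample, so match loosely.
DCMIN_MUTEX_RE = re.compile(r"^DCMIN_MUTEX-[A-Z0-9]+$")


def file_hashes(data: bytes) -> dict:
    """Digest a file's bytes with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matched_hash_iocs(data: bytes) -> set:
    """Names of the report's hashes that this file matches.
    On the real sample all four match; any single hit is enough to alert."""
    digests = file_hashes(data)
    return {algo for algo, value in IOC_HASHES.items() if digests[algo] == value}


def parse_c2(endpoint: str) -> tuple:
    """Split 'host:port' into (host, port); reject anything without a numeric port."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"not a host:port endpoint: {endpoint!r}")
    return host, int(port)


def is_ngrok_tunnel(host: str) -> bool:
    """tcp.ngrok.io is a public relay: the operator's real IP sits behind the
    tunnel, so block the relay host rather than an address it resolves to."""
    host = host.lower().rstrip(".")
    return host == "ngrok.io" or host.endswith(".ngrok.io")


def is_darkcomet_mutex(name: str) -> bool:
    """Match the DCMIN_MUTEX- naming scheme, with or without a Global\\ prefix."""
    bare = name.split("\\")[-1]
    return bool(DCMIN_MUTEX_RE.match(bare))


def is_install_path(path: str) -> bool:
    """Case-insensitive match on the config's InstallPath tail, independent of
    the parent directory the dropper chose."""
    return path.replace("/", "\\").lower().endswith(INSTALL_PATH.lower())


if __name__ == "__main__":
    # Constructed stand-in for a file under review (not the real sample).
    suspect = b"MZ\x90\x00 constructed test bytes, not the DarkComet binary"
    print("hash IOC hits:", matched_hash_iocs(suspect) or "none")
    host, port = parse_c2(C2)
    print(f"C2 {host}:{port}  ngrok tunnel={is_ngrok_tunnel(host)}  "
          f"DarkComet default port={port == 1604}")
    print("mutex matches DarkComet scheme:", is_darkcomet_mutex(MUTEX))
```

A hash hit is exact and only ever catches this build; the mutex prefix, the ngrok relay and the install-path tail are the parts that survive a rebuilt stub, so they are the checks worth keeping in a hunt query.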

Targets

    • Target

      a2dff7ad9fd1ba464b6e116e783130b22fd809b0384acdf55d5b075cdba71fcb

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc); he stopped development in 2012, but leaked builders remain in circulation. The extracted config above is consistent with a stock build: 1604 is DarkComet's default listening port and DCMIN_MUTEX- is its mutex prefix, while the tcp.ngrok.io C2 host means the operator's real address sits behind a public ngrok TCP tunnel, so the relay hostname is the indicator to block, not whatever it resolves to.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
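
The extracted config reports persistence as false, yet the sandbox signatures above record both a Run key and a WinLogon modification, so a detection should key on the observed registry writes rather than on the config flag. The following is an added Python example (not part of the report or of any sandbox's own rules) that scans Sysmon-style registry value-set events (TargetObject/Details, as event ID 13 reports them) for a Run/RunOnce value named with the config's reg_key or pointing at the InstallPath tail, and for extra entries appended to the Winlogon Userinit or Shell values. The sample events, the victim paths in them and the Winlogon default values are constructed assumptions.

```python
import re

INSTALL_PATH = r"DCSCMIN\IMDCSC.exe"     # InstallPath from the extracted config
RUN_VALUE_NAME = "Windows Defender"      # reg_key from the extracted config

# Stock Winlogon values (assumption for a default install); anything appended
# to them is a foreign autostart, which is how "Modifies WinLogon" shows up.
WINLOGON_DEFAULTS = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe"},
}

RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\([^\\]+)$", re.I)
WINLOGON_RE = re.compile(
    r"\\software\\microsoft\\windows nt\\currentversion\\winlogon\\(userinit|shell)$", re.I)


def _norm(path: str) -> str:
    """Lower-case, unquote and normalise separators so paths compare reliably."""
    return path.strip().strip('"').replace("/", "\\").lower()


def check_registry_event(event: dict) -> list:
    """Return alert strings for one registry value-set event."""
    alerts = []
    target = event.get("TargetObject", "")
    details = event.get("Details", "")

    m = RUN_KEY_RE.search(target)
    if m:
        value_name = m.group(1)
        if _norm(details).endswith(_norm(INSTALL_PATH)):
            alerts.append(f"Run value '{value_name}' points at DarkComet install path: {details}")
        elif value_name.lower() == RUN_VALUE_NAME.lower():
            alerts.append(f"Run value uses the config's reg_key name '{RUN_VALUE_NAME}': {details}")

    m = WINLOGON_RE.search(target)
    if m:
        value = m.group(1).lower()
        entries = {_norm(p) for p in details.split(",") if p.strip()}
        extra = entries - WINLOGON_DEFAULTS[value]
        if extra:
            alerts.append(f"Winlogon {value} gained extra entries: {sorted(extra)}")
    return alerts


def scan(events) -> list:
    """(event index, alert) pairs for every event that trips a rule."""
    return [(i, a) for i, ev in enumerate(events) for a in check_registry_event(ev)]


# Constructed events, not from the sandbox run; the victim paths are assumptions.
SAMPLE_EVENTS = [
    {"TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender",
     "Details": r"C:\Users\victim\Documents\DCSCMIN\IMDCSC.exe"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\DCSCMIN\IMDCSC.exe"},
    {"TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
]

if __name__ == "__main__":
    for index, alert in scan(SAMPLE_EVENTS):
        print(f"event {index}: {alert}")
```

The Winlogon rule is the more durable of the two: a rebuilt stub can change its reg_key name and install directory, but any value appended to Userinit or Shell is anomalous on a default install regardless of what it is called.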
