General

  • Target

    3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96

  • Size

    1.8MB

  • Sample

    210928-k7zasabcc9

  • MD5

    ef0fa837326628bff5da076ad75a562a

  • SHA1

    e6647ac7c03b9820b2cb23ab174caf4562c3ba59

  • SHA256

    3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96

  • SHA512

    c38c80dd206177e6cc6b12a857b06d500c0a3564bf28ce617ef200b2ac4a16fefb32bfe38babb6870190f89ebec24b2dc733070be82af8998db6bb5eae5fd4fc

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    xExplictions.no-ip.biz:1604

  • Mutex

    DC_MUTEX-GK7869K

Attributes

  • gencode

    jpGnHQUvJBkz

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96

    • Size

      1.8MB

    • MD5

      ef0fa837326628bff5da076ad75a562a

    • SHA1

      e6647ac7c03b9820b2cb23ab174caf4562c3ba59

    • SHA256

      3717bcafe138127143c62d0dee487defbe451a3c818f98f5e8c9d0f43bbd6e96

    • SHA512

      c38c80dd206177e6cc6b12a857b06d500c0a3564bf28ce617ef200b2ac4a16fefb32bfe38babb6870190f89ebec24b2dc733070be82af8998db6bb5eae5fd4fc

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks