Overview

overview

10

Static

static

10

9bc517bad0...9a.exe

windows7_x64

10

9bc517bad0...9a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9bc517bad059d0d52ca121e3d612f2283ee06a36f08f125f28f5f840c5365e9a

  • Size

    658KB

  • Sample

    220520-pwgntabgf7

  • MD5

    a5695f82fa2ac0bf31ea53da35f48ff7

  • SHA1

    347edf2679ad426c1ff9bb68fb984b79c067e171

  • SHA256

    9bc517bad059d0d52ca121e3d612f2283ee06a36f08f125f28f5f840c5365e9a

  • SHA512

    5ebe14d6b70f24b6fd383df22ce1472a0b11db3805203004146808c16ac765884f0d5d36747f7de5aaccf7be74fd0a69bd6a28feb50875af9800c50cf15a90f6

Score
10/10
darkcometsazanrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

127.0.0.1:1604

Mutex

DC_MUTEX-X3JX9H5

Attributes
  • gencode

    mHEqoDGuKrg1

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      9bc517bad059d0d52ca121e3d612f2283ee06a36f08f125f28f5f840c5365e9a

    • Size

      658KB

    • MD5

      a5695f82fa2ac0bf31ea53da35f48ff7

    • SHA1

      347edf2679ad426c1ff9bb68fb984b79c067e171

    • SHA256

      9bc517bad059d0d52ca121e3d612f2283ee06a36f08f125f28f5f840c5365e9a

    • SHA512

      5ebe14d6b70f24b6fd383df22ce1472a0b11db3805203004146808c16ac765884f0d5d36747f7de5aaccf7be74fd0a69bd6a28feb50875af9800c50cf15a90f6

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks