General

  • Target

    8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138

  • Size

    658KB

  • Sample

    220520-pwnr5aegdr

  • MD5

    236b6ef81c0a48db78ed1cf55ca2814f

  • SHA1

    cc4451e968eb003f7f9deb83712af8e491fb1128

  • SHA256

    8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138

  • SHA512

    84a9a8ad2e17b06893ac6860654e36d0e4567e994f083d3409ba61085f2caa895df14676e19c010377122325a384e042393f79f22546f94767940d5fa69c9d41

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

127.0.0.1:1604

(The configured C2 is the loopback address on DarkComet's default listener port 1604. As built, this stub cannot reach an external controller, which is consistent with a builder default or a test build rather than a live campaign; do not treat the address as a network indicator.)

Mutex

DC_MUTEX-YZAGFWT

(DC_MUTEX- followed by a per-build random suffix is DarkComet's stock mutex format. The prefix is a reliable host-based indicator for the family; the suffix only identifies this build.)

Attributes
  • gencode (per-build generation code assigned by the builder)

    2rQx8HKBsJNR

  • install (whether the stub copies itself to an install path and runs from there)

    false

  • offline_keylogger (keystrokes are logged to a local file even when no controller is connected)

    true

  • persistence (startup/Run-key persistence)

    false

With install and persistence both false, the stub runs in place from wherever it was launched and nothing survives a reboot; the offline keylogger still writes captured keystrokes to disk while it runs.
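
The "Extracted" values above are what a config decoder pulls out of the stub. The following is an added example of such a decoder, written for this page and not code from the sandbox or from the DarkComet project. It assumes the publicly documented layout of DarkComet 5.x configs: an RC4-encrypted, hex-encoded blob whose plaintext is one KEY={value} entry per line, with the RC4 keys listed in KNOWN_KEYS and the field names MUTEX, SID, NETDATA, GENCODE, INSTALL, OFFLINEK and PERSINST taken from public decoders. The encrypted input (SAMPLE_BLOB) is constructed inline from this report's own values so the script runs offline; the #BEGIN/#EOF header lines are part of that constructed sample.

```python
import re
from typing import Dict, Optional, Tuple

# Assumption: published RC4 keys used by DarkComet stub versions (as seen in
# public config decoders); the key fixes which version's config you are reading.
KNOWN_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
    "4.2": b"#KCMDDC42#-890",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# One "KEY={value}" entry per line, as the stub stores its settings (assumed layout).
FIELD_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def parse_fields(plaintext: str) -> Dict[str, str]:
    fields: Dict[str, str] = {}
    for line in plaintext.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def decrypt_config(hex_blob: str) -> Optional[Tuple[str, Dict[str, str]]]:
    """Try each known key; accept the first plaintext that is ASCII and carries a MUTEX field."""
    try:
        raw = bytes.fromhex(hex_blob)
    except ValueError:
        return None
    for version, key in KNOWN_KEYS.items():
        try:
            text = rc4(key, raw).decode("ascii")
        except UnicodeDecodeError:
            continue
        fields = parse_fields(text)
        if "MUTEX" in fields:
            return version, fields
    return None


def normalize(fields: Dict[str, str]) -> Dict[str, object]:
    """Map raw stub fields onto the attribute names used in the report and add
    two sanity checks an analyst would apply to the C2 value."""
    netdata = fields.get("NETDATA", "")
    host, _, port = netdata.rpartition(":")
    return {
        "family": "darkcomet",
        "botnet": fields.get("SID"),
        "c2": netdata,
        "mutex": fields.get("MUTEX"),
        "gencode": fields.get("GENCODE"),
        "install": fields.get("INSTALL") == "1",
        "offline_keylogger": fields.get("OFFLINEK") == "1",
        "persistence": fields.get("PERSINST") == "1",
        # Loopback C2 means the stub cannot reach a controller as configured.
        "loopback_c2": host in ("127.0.0.1", "localhost"),
        # 1604 is DarkComet's default listener port.
        "default_port": port == "1604",
    }


# CONSTRUCTED sample: the values from this report's "Extracted" section, laid
# out in the assumed key={value} format and encrypted with the 5.1 key so the
# decoder has an input to run on. These are not bytes from the real sample.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-YZAGFWT}\r\n"
    "SID={Sazan}\r\n"
    "NETDATA={127.0.0.1:1604}\r\n"
    "GENCODE={2rQx8HKBsJNR}\r\n"
    "INSTALL={0}\r\n"
    "OFFLINEK={1}\r\n"
    "PERSINST={0}\r\n"
    "#EOF DARKCOMET DATA --"
)
SAMPLE_BLOB = rc4(KNOWN_KEYS["5.1"], SAMPLE_PLAINTEXT.encode("ascii")).hex().upper()

if __name__ == "__main__":
    result = decrypt_config(SAMPLE_BLOB)
    assert result is not None
    version, fields = result
    print("stub version:", version)
    for name, value in normalize(fields).items():
        print(f"  {name}: {value}")
```

The version is recovered by trial decryption: RC4 gives no integrity check, so a wrong key simply yields noise, and the presence of a well-formed MUTEX field is used as the acceptance test. On a real sample the hex blob would come from the stub's DCDATA resource rather than from SAMPLE_BLOB.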

Targets

    • Target

      8f7f602c910b0805f1150b19777c0df48cd2d0514736ee0258e6636076ebf138

    Score
    10/10
    • Darkcomet

      DarkComet is a remote access trojan (RAT) written in Delphi by Jean-Pierre Lesueur (DarkCoderSc). Development was discontinued in 2012, but leaked builders keep it in circulation. Its stub offers a remote shell, file transfer, screen and webcam capture, keylogging and password recovery to the controller.

    • Suspicious use of SetThreadContext

      Writing a thread context into another process is the final step of process hollowing: the stub starts a host process suspended, maps its payload into it and redirects the main thread's entry point before resuming it. Expect the payload to be running under a benign-looking process name.
