General

  • Target

    645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52

  • Size

    658KB

  • Sample

    220524-3q2zfscaa5

  • MD5

    98343399d5aac84bacbeddc5a3385836

  • SHA1

    e1c7bb2b21d7f46de57c26b407235972b1a6e28a

  • SHA256

    645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52

  • SHA512

    39a0daf741484e8bd692ab2abfec76f534ebb84ee72c41337d4499fba04c590da9fbd627a003038147a3dcf94b6198ab9f2cda52d480e7afd288a0f4fcc4471c

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Sazan

  • C2

    tfghjgnjgn.duckdns.org:1604

  • Mutex

    DC_MUTEX-VAATB5Q

  • Attributes

    • gencode

      hQ6WqukjQ8KZ

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Target

      645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52

    • Size

      658KB

    • MD5

      98343399d5aac84bacbeddc5a3385836

    • SHA1

      e1c7bb2b21d7f46de57c26b407235972b1a6e28a

    • SHA256

      645a6c93449bcfb3dbaa3c016e40daf590fcc125cb3243e0fe0f34b8f8e30d52

    • SHA512

      39a0daf741484e8bd692ab2abfec76f534ebb84ee72c41337d4499fba04c590da9fbd627a003038147a3dcf94b6198ab9f2cda52d480e7afd288a0f4fcc4471c

    • Score

      10/10

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks