General

  • Target: 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093
  • Size: 658KB
  • Sample: 220525-ad32rsced4
  • MD5: 5bff2c2bdc7523e24d7ecc0995a814e6
  • SHA1: ba82bada9fc8e405b3e9fe5aa742cd5337cf6a2f
  • SHA256: 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093
  • SHA512: 0c020e01655be45b7cddad37e7999e340d50a6c4b31b9c90c4f29aecd3bfc82fcdd99fdba207bd243154a965abb378a81a5c887c67dea87c21b97e32446b4d8a

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Sazan
  • C2: 127.0.0.1:1604
  • Mutex: DC_MUTEX-HZHQGWL

Attributes

  • gencode: rKgwZxBxjw7R
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    Score: 10/10

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks