Overview

overview

10

Static

static

619a89b25f...64.exe

windows7-x64

10

619a89b25f...64.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    619a89b25ff451282ac15cb9f2d1b65ae3be708af486d0cf93ab7de24ca70864

  • Size

    700KB

  • Sample

    220730-zf5e2sgcfm

  • MD5

    342eb181947548cb5470897f322580c7

  • SHA1

    3875c583deb9c3be016a75f573cfe3ee062a67dd

  • SHA256

    619a89b25ff451282ac15cb9f2d1b65ae3be708af486d0cf93ab7de24ca70864

  • SHA512

    e4da115529384f38722b0e7bb7a78ee1b7158009a41ebbdea2dec40fb51614e6d8bcd8395e35f2d800a2e29fcfe4870fface085b74c746539b9dcf13423d9a13

Score
10/10
darkcometguest18rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest18

C2

127.0.0.1:1604

mitsosan.no-ip.biz:1604
Mutex

DC_MUTEX-EK9DQ8H

Attributes
  • gencode

    V2uuLtV8CNMk

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      619a89b25ff451282ac15cb9f2d1b65ae3be708af486d0cf93ab7de24ca70864

    • Size

      700KB

    • MD5

      342eb181947548cb5470897f322580c7

    • SHA1

      3875c583deb9c3be016a75f573cfe3ee062a67dd

    • SHA256

      619a89b25ff451282ac15cb9f2d1b65ae3be708af486d0cf93ab7de24ca70864

    • SHA512

      e4da115529384f38722b0e7bb7a78ee1b7158009a41ebbdea2dec40fb51614e6d8bcd8395e35f2d800a2e29fcfe4870fface085b74c746539b9dcf13423d9a13

    Score
    10/10
    darkcometguest18rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks