Overview

overview

10

Static

static

PAYMENTCON...6F.exe

windows7-x64

10

PAYMENTCON...6F.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60914de634edf999819750bfca780461b0ab9fa437b7a0df77bfdd60e6e703f4

  • Size

    325KB

  • Sample

    220731-ejq2lsgdek

  • MD5

    647b48a163ebc0d166c35bc46d7b836b

  • SHA1

    fdba6640e4b1e72163fc98bec1fe7cdfabe65b76

  • SHA256

    60914de634edf999819750bfca780461b0ab9fa437b7a0df77bfdd60e6e703f4

  • SHA512

    502b8c264a987f06cee57a8394dc0adad48e263f40022f17856b06ff9066b122cb126377b084f125316c7b7427a5649905f0f93b0f3addf3b1fd2480f487b71c

Score
10/10
darkcometnewport1rattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

NEWPORT1

C2

austin.mlbfan.org:2220

Mutex

DC_MUTEX-T6TM293

Attributes
  • gencode

    gutLHsPCWP68

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      PAYMENTCONFIRMATIONREQUEST092092992outputBC94F6F.exe

    • Size

      1.5MB

    • MD5

      0bdb26ca33bd21c9426be99b13227817

    • SHA1

      c1db7ee7509179c95ba1fe81c1f438995b6d7dcb

    • SHA256

      81be337ebb002a63ff0fff2c30060d91d9b07998e39b740a2763ab5d5cec831a

    • SHA512

      a9260ac1f768db12f49aadfc719ea4bf6a71131f6a8e4da8d54be99ab429ce1ba2b660db965b7fac0c4ca32e33c575b15ae7fbe2e4699eb1bf08e1a9cf726ed8

    Score
    10/10
    darkcometnewport1rattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks