Overview

overview

10

Static

static

5f4a2e223d...51.exe

windows7-x64

10

5f4a2e223d...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f4a2e223d827a6d3a517767d8ee477de0948985c4fc748593529886b8240651

  • Size

    910KB

  • Sample

    220731-v6gpfshef8

  • MD5

    3b165b5c042b776c6f666ade069d010e

  • SHA1

    ccb3829d6499ef5e13e0b7a415ab7e4167127521

  • SHA256

    5f4a2e223d827a6d3a517767d8ee477de0948985c4fc748593529886b8240651

  • SHA512

    ea6ebea9cbdd60568033f9f07a985e6842acca1fbce7770588c7c9bde1d6bff4e15ba080c57b8bba55c772b2e8142aba1bb22219e68afbbd32d4279da4128eab

Score
10/10
darkcometguest16evasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

46.32.156.196:1604

Mutex

DC_MUTEX-VFSZXPA

Attributes
  • gencode

    2zVGoXqPrq9K

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      5f4a2e223d827a6d3a517767d8ee477de0948985c4fc748593529886b8240651

    • Size

      910KB

    • MD5

      3b165b5c042b776c6f666ade069d010e

    • SHA1

      ccb3829d6499ef5e13e0b7a415ab7e4167127521

    • SHA256

      5f4a2e223d827a6d3a517767d8ee477de0948985c4fc748593529886b8240651

    • SHA512

      ea6ebea9cbdd60568033f9f07a985e6842acca1fbce7770588c7c9bde1d6bff4e15ba080c57b8bba55c772b2e8142aba1bb22219e68afbbd32d4279da4128eab

    Score
    10/10
    darkcometguest16evasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Disabling Security Tools

1
T1089

Hidden Files and Directories

2
T1158

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks