Overview

overview

10

Static

static

dbbc47989d...85.exe

windows7-x64

10

dbbc47989d...85.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dbbc47989dd4c70eb35b38633fafa99c75446747aa9bd1f0a4fd33b5faef1785

  • Size

    1.5MB

  • Sample

    221003-b7b1tabba4

  • MD5

    631c099762eabd46aca2763f55d29440

  • SHA1

    6d041a042c136310531fcd23d684456a4641513d

  • SHA256

    dbbc47989dd4c70eb35b38633fafa99c75446747aa9bd1f0a4fd33b5faef1785

  • SHA512

    92df3a3fdea9cd3610ee7a3ff674a922e8fd2b696303b3c2d626eb6f89185962fbbacf128ff8cb865f7cd6c6c4dc9b1b10e12c57f0d4e50dacdb34d1eeeb1738

  • SSDEEP

    24576:v2O/Gl1wdXC9+ouj0Wq4ZiCv5uq5YQfDi6fUuPE77AMkycLTpppD+:BoofqMH5YE3Mv79/qTpC

Score
10/10
darkcometemeka.persistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

EMEKA.

C2

emilink.ddns.net:2344

emilink.ddns.net:2345

emilink.ddns.net:2346
Mutex

DC_MUTEX-WZ5FTVJ

Attributes
  • gencode

    BiQTPlpqu3tM

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      dbbc47989dd4c70eb35b38633fafa99c75446747aa9bd1f0a4fd33b5faef1785

    • Size

      1.5MB

    • MD5

      631c099762eabd46aca2763f55d29440

    • SHA1

      6d041a042c136310531fcd23d684456a4641513d

    • SHA256

      dbbc47989dd4c70eb35b38633fafa99c75446747aa9bd1f0a4fd33b5faef1785

    • SHA512

      92df3a3fdea9cd3610ee7a3ff674a922e8fd2b696303b3c2d626eb6f89185962fbbacf128ff8cb865f7cd6c6c4dc9b1b10e12c57f0d4e50dacdb34d1eeeb1738

    • SSDEEP

      24576:v2O/Gl1wdXC9+ouj0Wq4ZiCv5uq5YQfDi6fUuPE77AMkycLTpppD+:BoofqMH5YE3Mv79/qTpC

    Score
    10/10
    darkcometemeka.persistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks