Overview

overview

10

Static

static

4f219da44b...69.exe

windows7-x64

10

4f219da44b...69.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569

  • Size

    1.2MB

  • Sample

    221003-bnle5sacg7

  • MD5

    6bddfd1454aeee52c045efb156e578bf

  • SHA1

    ba412157a92991ab03ff68b4fba85555574246b3

  • SHA256

    4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569

  • SHA512

    a9c7d882f28b2eba11624dcc5429fcb7c0b66ff8eff65d8432324223395808ab5b0f48609a395bc4b8d68c454d4ae11d06a7219b6bf8157438691fc668e53f16

  • SSDEEP

    12288:vdgJBDDTA5PXjfMKSUVqRqN68vt/ijPanZnmqNXeS1LBjNwooq6rlwpUrvqu7QA/:

Score
10/10
darkcometguest16persistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

fisheraccount.no-ip.biz:1010

127.0.0.1:1010
Mutex

DC_MUTEX-UU0RBGL

Attributes
  • gencode

    GCnBDj5icbfH

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569

    • Size

      1.2MB

    • MD5

      6bddfd1454aeee52c045efb156e578bf

    • SHA1

      ba412157a92991ab03ff68b4fba85555574246b3

    • SHA256

      4f219da44b514bfada90bfbb1caed5d086d8b7ed6b7379fee258df8bfd0d4569

    • SHA512

      a9c7d882f28b2eba11624dcc5429fcb7c0b66ff8eff65d8432324223395808ab5b0f48609a395bc4b8d68c454d4ae11d06a7219b6bf8157438691fc668e53f16

    • SSDEEP

      12288:vdgJBDDTA5PXjfMKSUVqRqN68vt/ijPanZnmqNXeS1LBjNwooq6rlwpUrvqu7QA/:

    Score
    10/10
    darkcometguest16persistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks