General

  • Target

    d05a8d0d1f59604c4a166e60218b9b2531c15a407d36861db1ed9814b23228df

  • Size

    312KB

  • Sample

    221011-hfs9caaec3

  • MD5

    7987d8038a7766c6d7d8aa9a12650171

  • SHA1

    b188cbcaaa68102248e1803d4f653b44eefd0edc

  • SHA256

    d05a8d0d1f59604c4a166e60218b9b2531c15a407d36861db1ed9814b23228df

  • SHA512

    c490a1da5d818dc0ce6f4fc3e8b366cef71b9b63c30e8e0a0849336df112d261a34c53d4b06fde68bd4cec2daad0000113358ba8674897c80174408a2c2da4e2

  • SSDEEP

    6144:Rs5AmiLkOTZUfR1qiUVYVdyDs6ZrY313LmwrPyCC+T10CWLTAC8:CCmDbqV6dyDixaWlWLTAC8

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-JNW0BZ4

Attributes

  • gencode

    DCrU6isJRB81

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks