General

  • Target

    703ab18d1d342882c6551a20df54c52f426d1a15ab103cf74be393e5548d76dc

  • Size

    731KB

  • Sample

    221019-2h4bwabeaj

  • MD5

    825bfe2be9f7896d96000cf673a3f090

  • SHA1

    9f2d0685507171b0d8b94cd6a831af07e2fff50a

  • SHA256

    703ab18d1d342882c6551a20df54c52f426d1a15ab103cf74be393e5548d76dc

  • SHA512

    d5f4ad7c36b1d295f580989d248da6188920e7108f329ff7cb35b46d173bb7a750690bc489ae0374d4e42989be04befa9addd6dc2d6a43d6ba282e4c83fbdf49

  • SSDEEP

    12288:Rlu6qrANNiUwMzhgx1s5UokvVJXkfNVvHkyBrAlSG/gxniCOM+fP9o6kRpTBnq0H:GsNNdHhcOUxvvXyNxrBrAlSGInEM+9oF

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/shikata_ga_nai

Extracted

  • Family

    darkcomet

  • Botnet

    Vanished LAN Virus

  • C2

    192.168.1.110:6454

  • Mutex

    DC_MUTEX-QLZEMAY

Attributes

  • gencode

    lLeHvcrjpQuy

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Targets

    • Target

      703ab18d1d342882c6551a20df54c52f426d1a15ab103cf74be393e5548d76dc

    • Size

      731KB

    • MD5

      825bfe2be9f7896d96000cf673a3f090

    • SHA1

      9f2d0685507171b0d8b94cd6a831af07e2fff50a

    • SHA256

      703ab18d1d342882c6551a20df54c52f426d1a15ab103cf74be393e5548d76dc

    • SHA512

      d5f4ad7c36b1d295f580989d248da6188920e7108f329ff7cb35b46d173bb7a750690bc489ae0374d4e42989be04befa9addd6dc2d6a43d6ba282e4c83fbdf49

    • SSDEEP

      12288:Rlu6qrANNiUwMzhgx1s5UokvVJXkfNVvHkyBrAlSG/gxniCOM+fP9o6kRpTBnq0H:GsNNdHhcOUxvvXyNxrBrAlSGInEM+9oF

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

MITRE ATT&CK Matrix

Tasks