Overview

overview

10

Static

static

URLScan

urlscan

https://github.com

windows10-2004-x64

10

Resubmissions

18/11/2022, 14:52

221118-r85mhshf55 1

08/11/2022, 14:30

221108-rvcpkscaa3 8

07/11/2022, 15:52

221107-tbh4csefh4 8

07/11/2022, 10:35

221107-mm5m6secgn 1

06/11/2022, 13:08

221106-qdjk5aehgj 9

05/11/2022, 20:23

221105-y589vsbhcj 8

05/11/2022, 16:11

221105-tm8s6aaggj 10

05/11/2022, 07:34

221105-jd7jmaggal 8

04/11/2022, 20:40

221104-zgabascfgq 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com

  • Sample

    221104-yrp9tsaed9

Score
10/10
blacknetdarkcometguest16persistencerattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

gameservice.ddns.net:4320

Mutex

DC_MUTEX-WBUNVXD

Attributes
  • InstallPath

    AudioDriver\taskhost.exe

  • gencode

    EWSsWwgyJrUD

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    AudioDriver

Targets

    • Target

      https://github.com

    Score
    10/10
    blacknetdarkcometguest16persistencerattrojanupx

    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

      trojanblacknet

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks