Overview

overview

10

Static

static

a3c96604b0...b8.exe

windows7-x64

10

a3c96604b0...b8.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8

  • Size

    1.4MB

  • Sample

    221122-y5bctsbc41

  • MD5

    dc07030af6c807db6ffcb1eea9805846

  • SHA1

    03a4f4daad133a8c3b1fd8297317df194a4d9184

  • SHA256

    a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8

  • SHA512

    91127b471c7620028dbbd220c6f7706a856827097158656b609a6cab5b10e553b9afff4f1bc3754e88bf4fc857e139e673e71d0a9fb2ba9a0c5216a69a2d2d15

  • SSDEEP

    24576:x3Oqr/iK/TH5yHTtqaw/Kf9hoWSXBMo0xZUEKLolSuWDyDf02g+I7LEn/XD:9trKK/TH5yHTtqaOKfjVdo0tlRWDAk3Q

Score
10/10
darkcometbotpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Bot

C2

sallad.chickenkiller.com:9331

Mutex

DC_MUTEX-NTQ979W

Attributes
  • gencode

    3ngHr6j4cxcy

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8

    • Size

      1.4MB

    • MD5

      dc07030af6c807db6ffcb1eea9805846

    • SHA1

      03a4f4daad133a8c3b1fd8297317df194a4d9184

    • SHA256

      a3c96604b01d189879f5076b3c94d0b10a19cd1a8e3e7935349c7036363b47b8

    • SHA512

      91127b471c7620028dbbd220c6f7706a856827097158656b609a6cab5b10e553b9afff4f1bc3754e88bf4fc857e139e673e71d0a9fb2ba9a0c5216a69a2d2d15

    • SSDEEP

      24576:x3Oqr/iK/TH5yHTtqaw/Kf9hoWSXBMo0xZUEKLolSuWDyDf02g+I7LEn/XD:9trKK/TH5yHTtqaOKfjVdo0tlRWDAk3Q

    Score
    10/10
    darkcometbotpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks