Overview

overview

10

Static

static

10

a3e2aa1990...fe.exe

windows7-x64

10

a3e2aa1990...fe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3e2aa19908dce9305812292b3e13c17f0c08d17b9150d169ef78a94ddfd94fe

  • Size

    1.5MB

  • Sample

    221123-s6aj2agb8w

  • MD5

    d43b7ec61bb8240706fc6d978ac04fc2

  • SHA1

    3f35a01efa6b58a0e9d6f8134760459b60372bcc

  • SHA256

    a3e2aa19908dce9305812292b3e13c17f0c08d17b9150d169ef78a94ddfd94fe

  • SHA512

    2afbab25c5933d8a168a49e707c34955bc2439fb253bc2b5ceab3db491562ca995a5ea9269022acd2ce019efda223fec5893884d1ad4dc43a07fee668c5a0198

  • SSDEEP

    24576:5Z1xuVVjfFoynPaVBUR8f+kN10EB4JAcqMMcSTENKg1jqY498V:jQDgok30zBqBcRLtu8V

Score
10/10
darkcometguest16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-CHAFHG3

Attributes
  • gencode

    p44BPmcDuF3E

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      a3e2aa19908dce9305812292b3e13c17f0c08d17b9150d169ef78a94ddfd94fe

    • Size

      1.5MB

    • MD5

      d43b7ec61bb8240706fc6d978ac04fc2

    • SHA1

      3f35a01efa6b58a0e9d6f8134760459b60372bcc

    • SHA256

      a3e2aa19908dce9305812292b3e13c17f0c08d17b9150d169ef78a94ddfd94fe

    • SHA512

      2afbab25c5933d8a168a49e707c34955bc2439fb253bc2b5ceab3db491562ca995a5ea9269022acd2ce019efda223fec5893884d1ad4dc43a07fee668c5a0198

    • SSDEEP

      24576:5Z1xuVVjfFoynPaVBUR8f+kN10EB4JAcqMMcSTENKg1jqY498V:jQDgok30zBqBcRLtu8V

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks