Overview

overview

10

Static

static

471ab55fae...06.exe

windows7-x64

10

471ab55fae...06.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    471ab55fae979dc3661c700ec701af0346159f97aa6de8dc541670623201b106

  • Size

    608KB

  • Sample

    221123-s7jjbsgc6y

  • MD5

    42a5fff8d81320870df6af95fb02b68d

  • SHA1

    f0a96ed22ea452a0c9af853015bf20bdb513e648

  • SHA256

    471ab55fae979dc3661c700ec701af0346159f97aa6de8dc541670623201b106

  • SHA512

    41ef0d5b94cba6c03550f0b0a50f49f21230338376e9cae21a6da26ff36db375034fb605cee5ae67f73417848186cb3a2ce71a5e14c24796437731b006c2cfee

  • SSDEEP

    12288:IRBWobw7roJCq49/iUEZnp99R4VTTvznxZ+q6vGC4Dy8US:WGWC/pEJbXmTTxZ+1GCr8US

Score
10/10
darkcometguest16_minpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

dcratted.duckdns.org:3080

Mutex

DCMIN_MUTEX-G22C7RQ

Attributes
  • gencode

    FFUwUJHhLVPu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      471ab55fae979dc3661c700ec701af0346159f97aa6de8dc541670623201b106

    • Size

      608KB

    • MD5

      42a5fff8d81320870df6af95fb02b68d

    • SHA1

      f0a96ed22ea452a0c9af853015bf20bdb513e648

    • SHA256

      471ab55fae979dc3661c700ec701af0346159f97aa6de8dc541670623201b106

    • SHA512

      41ef0d5b94cba6c03550f0b0a50f49f21230338376e9cae21a6da26ff36db375034fb605cee5ae67f73417848186cb3a2ce71a5e14c24796437731b006c2cfee

    • SSDEEP

      12288:IRBWobw7roJCq49/iUEZnp99R4VTTvznxZ+q6vGC4Dy8US:WGWC/pEJbXmTTxZ+1GCr8US

    Score
    10/10
    darkcometguest16_minpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks