General

  • Target: 728181c7ed8e4bbf0c91c8bfc0d7522a8fd1ea7ec31459efca766ab9e49cd525
  • Size: 1012KB
  • Sample: 221123-ss1t3afc5z
  • MD5: aa6194d488a45e3a943aa588be60371c
  • SHA1: 36f22dc03e4139d5fa9ef66fc22f6806e555daff
  • SHA256: 728181c7ed8e4bbf0c91c8bfc0d7522a8fd1ea7ec31459efca766ab9e49cd525
  • SHA512: 775f450e72700532a31f7fe1a4583b5f35fb3a11a76e892d604aa8a4b09900dec6a2f50536c4768bc0a93dd35d9e33f2799520375831e3fdbac9740e9e862127
  • SSDEEP: 24576:ZZ0zeWxE/7vsv2sWBBFe5wB3kxntZ7EnMUODv0dJlJUafhtI86:ZZSemE/7vsvE7e5O3w1Jmdfxfbf

Score: 10/10

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: 824
  • C2:
    kelgr95167.crabdance.com:4390
    kelgr95167.crabdance.com:4391
  • Mutex: DC_MUTEX-BPLWD3R

Attributes

  • gencode: Pp9xJ6wXRY9N
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks