Overview

overview

10

Static

static

511535e2c7...bc.exe

windows7-x64

10

511535e2c7...bc.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc

  • Size

    2.8MB

  • Sample

    221123-vrzayscg3t

  • MD5

    ff9142946eaf74497cce37d6042a001e

  • SHA1

    84a9a186ca189b94b6cc96149b8a891fbb1ad4b8

  • SHA256

    511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc

  • SHA512

    c124a5d17c0d350d3c5b180644bee992e4eb634e25e6c8cce2f4da2336461d98eb5901a0b69b61b7b81aa4bc771c2f2f40fd7f8040b44894c9c84ae7cdb7a249

  • SSDEEP

    49152:GNX1vMYf017Whi8bfjQagbDEeqJJrn5m/4sit6QNt9NSlCf:K9MDW08bfjQagceqTr53YC

Score
10/10
darkcometdeforsguest16persistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

darkcometratt.no-ip.org:1604

Mutex

DC_MUTEX-WG0MMGJ

Attributes
  • gencode

    Rsl0xg3qg2h8

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Extracted

Family

darkcomet

Botnet

DEFORS

C2

rsnoip.ddns.net:1997

Mutex

DCMIN_MUTEX-C5RDYJH

Attributes
  • gencode

    NToT30g4twDC

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc

    • Size

      2.8MB

    • MD5

      ff9142946eaf74497cce37d6042a001e

    • SHA1

      84a9a186ca189b94b6cc96149b8a891fbb1ad4b8

    • SHA256

      511535e2c71f17fbb05320f5e3d109c7258bddf6b738a2bc819eb7131208c0bc

    • SHA512

      c124a5d17c0d350d3c5b180644bee992e4eb634e25e6c8cce2f4da2336461d98eb5901a0b69b61b7b81aa4bc771c2f2f40fd7f8040b44894c9c84ae7cdb7a249

    • SSDEEP

      49152:GNX1vMYf017Whi8bfjQagbDEeqJJrn5m/4sit6QNt9NSlCf:K9MDW08bfjQagceqTr53YC

    Score
    10/10
    darkcometdeforsguest16persistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks