General

  • Target: c4a8c8a2157e79b0bb87008ec99ba7ad98a5fad662d347f16b44a6c5db22a4cc
  • Size: 944KB
  • Sample: 221123-xfla3ahh2z
  • MD5: 50002d3a750cf87dff5d72bfe82dc5fe
  • SHA1: 16a87fdc570672722cbfe171a741c840dec748ea
  • SHA256: c4a8c8a2157e79b0bb87008ec99ba7ad98a5fad662d347f16b44a6c5db22a4cc
  • SHA512: 3df344798848a96b3533e3fb112d46ac6cca57812936c3959e20e14b67247ce046245498efb23d38b4f24c03092deedb0ec58ce5ba8f8a9854d8dd3cb1fe7f9d
  • SSDEEP: 12288:3B41IW4QtruFn4qMJN7DdyDwVMOza/sB6CB6jk6TxnzhE09peECB6CB6CBurgWBF:NW4QtrwnrMJZVaUaTx1E0e9T5gWryz

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 5.196.6.20:1604
  • Mutex: DC_MUTEX-F54S21D
  • Attributes
    • gencode: hqi2yp4T7caN
    • install: false
    • offline_keylogger: true
    • persistence: false

Targets

  • Darkcomet
    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  • Drops file in Drivers directory
  • Adds Run key to start application
  • Suspicious use of SetThreadContext
