General

  • Target

    87d15b50d421d7776fc172477de7d49123918ab52df0f90e8193544b544e1403

  • Size

    1006KB

  • Sample

    221126-p8s8dahc5z

  • MD5

    864c25e4080be2a6b6d5167f85002776

  • SHA1

    de57e561bf779ac072dea0ad6ef6e159bdbfbd91

  • SHA256

    87d15b50d421d7776fc172477de7d49123918ab52df0f90e8193544b544e1403

  • SHA512

    3fef58103cde734c89d0c6998adbba65fde17bf180c3fa537c33bb30c0a8044fd10847bb377c912806738f4a51b6f860eec0bfc12636140599d702010cf27ad3

  • SSDEEP

    24576:kPZjcnxA4eIvFMIQ6Pr1DuBNPpJ1QPJBd3mJpMdogiUZFb5rMBdZbxh:kRcfTmIQLBUWbMWC4x

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

mikeemeka.ddns.net:1604

Mutex

DC_MUTEX-KT2FTNQ

Attributes
  • gencode

    BXfLk4dndh8k

  • install

    false

  • offline_keylogger

    true

  • password

    1234

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Modifies file permissions

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)

  • Persistence: Scheduled Task, T1053 (1)

  • Privilege Escalation: Scheduled Task, T1053 (1)

  • Defense Evasion: File Permissions Modification, T1222 (1)

  • Discovery: System Information Discovery, T1082 (1)
