General

  • Target

    713e54f37175e78076f1b0abaa1d1c2be7111947e438fcb9f5f550dab1df7d20

  • Size

    1006KB

  • Sample

    221126-p8t5nshc51

  • MD5

    26bcaea1460187e3a9737d05528f64b3

  • SHA1

    35e6594e09c74f4a9974b9a9923f9d2d4c0540fa

  • SHA256

    713e54f37175e78076f1b0abaa1d1c2be7111947e438fcb9f5f550dab1df7d20

  • SHA512

    2c1f5c6b338c8a69aae75e75c2ca6e5b1dd0c8cd30a4844dd4d22e7fde06b39b3b517224e637382041c300c4ea6a95fa3cddd4137f40e3c9c259a267ebff4fc6

  • SSDEEP

    24576:kPZjcnx44eIvFMIQ6PrjDuBVVKe+/XBjEMpZAj0q4zu:kRcHTmIQVBV8QNjniu

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

mikeemeka.ddns.net:1604

Mutex

DC_MUTEX-9TFNJ5B

Attributes

  • gencode

    4qri24HetcmF

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Modifies file permissions

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Defense Evasion       File Permissions Modification  1      T1222
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082

Tasks