General

  • Target

    27b100ab3073fc1b0b7459862930687aed91aa3fb1770e07472ac8a041fdb87f

  • Size

    4.0MB

  • Sample

    221126-rljfrsdb41

  • MD5

    3b25dfdf3f89b0a1e161d442d1fd2227

  • SHA1

    964cae96ec5364a84b13edaa305e4e3fb35fa208

  • SHA256

    27b100ab3073fc1b0b7459862930687aed91aa3fb1770e07472ac8a041fdb87f

  • SHA512

    cb0dcc230066c146926ffc158d47f48c33ba67970963ce72afcef3bb63166996e969f7d0318f6fb604fff54962cc8e934f55079bccec0f2a8f22e4e14ffef2d4

  • SSDEEP

    24576:pVfxRoAIj5FBCQELbeNJDIe5uocMALTipn5yZ0h1j8KmGN2zbRtG23zxQ0atoYBq:9p

Malware Config

Extracted

Family

darkcomet

Botnet

doc

C2

67.242.194.118:1604

Mutex

DC_MUTEX-W3TT9NP

Attributes

  • gencode

    QMYYWMGSMDbi

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      27b100ab3073fc1b0b7459862930687aed91aa3fb1770e07472ac8a041fdb87f

    • Size

      4.0MB

    • MD5

      3b25dfdf3f89b0a1e161d442d1fd2227

    • SHA1

      964cae96ec5364a84b13edaa305e4e3fb35fa208

    • SHA256

      27b100ab3073fc1b0b7459862930687aed91aa3fb1770e07472ac8a041fdb87f

    • SHA512

      cb0dcc230066c146926ffc158d47f48c33ba67970963ce72afcef3bb63166996e969f7d0318f6fb604fff54962cc8e934f55079bccec0f2a8f22e4e14ffef2d4

    • SSDEEP

      24576:pVfxRoAIj5FBCQELbeNJDIe5uocMALTipn5yZ0h1j8KmGN2zbRtG23zxQ0atoYBq:9p

    Score
    10/10
    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 4
