Overview

overview

10

Static

static

529998a1f5...1e.exe

windows7-x64

10

529998a1f5...1e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e

  • Size

    1.4MB

  • Sample

    221127-mrjlhaah72

  • MD5

    cc05c85a68ee1cf98b5f45200c42608d

  • SHA1

    0d44db70753da73e14b35eacaea28a6f23200317

  • SHA256

    529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e

  • SHA512

    202051a2dc15a82d77edb73c2d7b01da4866e92352af6be0b5e0ca2e5936fa7cad4cb7847f2a4bd3fc28f92c3cb671b71597600c669bb0850504196cc34087a1

  • SSDEEP

    24576:FnVbZxMViRoaJOZqBTybfysUkdsPh7gJboCpKm4TL+JVegaev8yHHsJ:3bZxMVuvsqkdw4oCpOTL+e9ElM

Score
10/10
darkcometaddedpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

ADDED

C2

comment.ddns.net:1604

Mutex

DC_MUTEX-AMQ7EFQ

Attributes
  • gencode

    XRhRRovsdjJP

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e

    • Size

      1.4MB

    • MD5

      cc05c85a68ee1cf98b5f45200c42608d

    • SHA1

      0d44db70753da73e14b35eacaea28a6f23200317

    • SHA256

      529998a1f5b582d433c10cd6085415c2c70e605310fc34b1a759dbdd36d2671e

    • SHA512

      202051a2dc15a82d77edb73c2d7b01da4866e92352af6be0b5e0ca2e5936fa7cad4cb7847f2a4bd3fc28f92c3cb671b71597600c669bb0850504196cc34087a1

    • SSDEEP

      24576:FnVbZxMViRoaJOZqBTybfysUkdsPh7gJboCpKm4TL+JVegaev8yHHsJ:3bZxMVuvsqkdw4oCpOTL+e9ElM

    Score
    10/10
    darkcometaddedpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks