Overview

overview

10

Static

static

8

228a641ba7...bf.exe

windows7-x64

10

228a641ba7...bf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    228a641ba79d44d0961e2ca100b75b40149410a9d337758f99b749416c3690bf

  • Size

    1.2MB

  • Sample

    221127-wl3a4abg8t

  • MD5

    31f7cc96c75fea105a94f67a93ebbb7c

  • SHA1

    da32025cea2685e5b53c8b64eb138d90ed93322f

  • SHA256

    228a641ba79d44d0961e2ca100b75b40149410a9d337758f99b749416c3690bf

  • SHA512

    e9ba60f60573fcc0f1f9d9a9f58b19809906c2f9c1be22c1765a02a8a102bf61ec6d0d6d36d4c840a910b91b7fff1225b51c85a4989ae78e104fcb6b7bd25b36

  • SSDEEP

    12288:l6Wq4aaE6KwyF5L0Y2D1PqL9iLVB83be0pHttiab+8aUAxZ99K5LT4Jap3blsGS6:zthEVaPqLoB/0tttXb656faClIGr9

Score
10/10
darkcometwork10rattrojanupx

Malware Config

Extracted

Family

darkcomet

Botnet

Work10

C2

jimmykarcter.ddnsking.com:1490

Mutex

DC_MUTEX-F3JFPUJ

Attributes
  • gencode

    EbEwg5Es2Fgn

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      228a641ba79d44d0961e2ca100b75b40149410a9d337758f99b749416c3690bf

    • Size

      1.2MB

    • MD5

      31f7cc96c75fea105a94f67a93ebbb7c

    • SHA1

      da32025cea2685e5b53c8b64eb138d90ed93322f

    • SHA256

      228a641ba79d44d0961e2ca100b75b40149410a9d337758f99b749416c3690bf

    • SHA512

      e9ba60f60573fcc0f1f9d9a9f58b19809906c2f9c1be22c1765a02a8a102bf61ec6d0d6d36d4c840a910b91b7fff1225b51c85a4989ae78e104fcb6b7bd25b36

    • SSDEEP

      12288:l6Wq4aaE6KwyF5L0Y2D1PqL9iLVB83be0pHttiab+8aUAxZ99K5LT4Jap3blsGS6:zthEVaPqLoB/0tttXb656faClIGr9

    Score
    10/10
    darkcometwork10rattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks