Overview

overview

10

Static

static

edb8715322...ca.exe

windows7-x64

10

edb8715322...ca.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edb8715322e536c4d68618197ad41d684c6621922a820b62287a375358bd14ca

  • Size

    707KB

  • Sample

    221130-x7vzksha24

  • MD5

    48ab95f040f2790724875de1dadf5f99

  • SHA1

    3d2e92e6803000e7d2278b356b37fdbb97599743

  • SHA256

    edb8715322e536c4d68618197ad41d684c6621922a820b62287a375358bd14ca

  • SHA512

    525e05570e20b610e75cc159bc6f432d56dd9cc930aa36a0548eee8d3fcdc7b1cb306b2d1222fde2b6ded62aa1f40c3f8f49f0619f1189171ea8cbb31776cd1d

  • SSDEEP

    12288:8Yxy/eoMJb1Bt6JIBLU30wT6CMdYdwi10vJ3qj0V+TFvXL+hS4H6bysn6:tSFG5Bt6kyZ3EgRFXL6S4H6bzn6

Score
10/10
darkcometguest16evasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

drsniper.no-ip.biz:1604

Mutex

DC_MUTEX-EN93DWJ

Attributes
  • gencode

    cfPgUzNNfyRg

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      edb8715322e536c4d68618197ad41d684c6621922a820b62287a375358bd14ca

    • Size

      707KB

    • MD5

      48ab95f040f2790724875de1dadf5f99

    • SHA1

      3d2e92e6803000e7d2278b356b37fdbb97599743

    • SHA256

      edb8715322e536c4d68618197ad41d684c6621922a820b62287a375358bd14ca

    • SHA512

      525e05570e20b610e75cc159bc6f432d56dd9cc930aa36a0548eee8d3fcdc7b1cb306b2d1222fde2b6ded62aa1f40c3f8f49f0619f1189171ea8cbb31776cd1d

    • SSDEEP

      12288:8Yxy/eoMJb1Bt6JIBLU30wT6CMdYdwi10vJ3qj0V+TFvXL+hS4H6bysn6:tSFG5Bt6kyZ3EgRFXL6S4H6bzn6

    Score
    10/10
    darkcometguest16evasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Disabling Security Tools

2
T1089

Hidden Files and Directories

2
T1158

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks