General

  • Target

    a27b7d243b8d5596db8653dad93a0b2bffdda101481f8af58938ff19e32d6a83

  • Size

    880KB

  • Sample

    221201-ma9rcshb85

  • MD5

    6ac4fb08d33289af24a482b3219378f4

  • SHA1

    7e98167b6c438759f9e713820b726ff5c3189b8a

  • SHA256

    a27b7d243b8d5596db8653dad93a0b2bffdda101481f8af58938ff19e32d6a83

  • SHA512

    e6c902531fde6711396fd7d6fe774c64905f22e69a5985458d4fa30ffc2854c56a42fe0018a5a5725a2ff14bcefb26acfc79823be4e79e56cf29c1ab8035bf20

  • SSDEEP

    24576:QgnIHCYbji/YC3Jg6CaAROoOpxJKpfecYKc:W3bj4d36doxUdeoc

Malware Config

Extracted

Family

darkcomet

Botnet

SY Sw4g

C2

storkhax.no-ip.info:1230

Mutex

DCMIN_MUTEX-W5FDNV4

Attributes

  • gencode

    S6eCNBd7VXe6

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
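The fields above are what a config extractor recovers from the sample's embedded settings. The block below is an added example of such a decoder, not the sandbox's own extractor and not DarkComet code: it assumes the RC4 key "#KCMDDC51#-890" (the default reported for stock DarkComet 5.x builds in public write-ups; rebuilt or patched variants can use another), the KEY={value} line layout with the "#BEGIN DARKCOMET DATA --" / "#EOF DARKCOMET DATA --" markers, and a mapping from raw keys (SID, NETDATA, OFFLINEK, PERS, ...) onto the report's field names. All three are assumptions, and the blob it decodes is constructed here by encrypting a plaintext that carries this report's values.

```python
"""Decode a DarkComet-style config blob into the fields shown in the report.
Added example. Assumptions: RC4 key, KEY={value} layout, key-name mapping."""

RC4_KEY = b"#KCMDDC51#-890"  # assumed default key for DarkComet 5.x builds


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encrypt and decrypt are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_config(text: str) -> dict:
    """Turn KEY={value} lines into a dict; marker and malformed lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if "={" not in line or not line.endswith("}"):
            continue
        key, value = line.split("={", 1)
        cfg[key.strip()] = value[:-1]
    return cfg


def parse_netdata(value: str) -> list:
    """NETDATA holds host:port entries; '|' as a separator is an assumption."""
    out = []
    for entry in value.split("|"):
        host, _, port = entry.rpartition(":")
        if host and port.isdigit():
            out.append((host, int(port)))
    return out


def summarize(cfg: dict) -> dict:
    """Map raw keys onto the report's field names (mapping is an assumption)."""
    return {
        "botnet": cfg.get("SID"),
        "c2": parse_netdata(cfg.get("NETDATA", "")),
        "mutex": cfg.get("MUTEX"),
        "gencode": cfg.get("GENCODE"),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "persistence": cfg.get("PERS") == "1",
    }


def decode_blob(blob: bytes, key: bytes = RC4_KEY) -> dict:
    """RC4-decrypt the blob and return the report-style summary."""
    return summarize(parse_config(rc4(key, blob).decode("latin-1", "replace")))


# Constructed sample: plaintext in the assumed layout carrying this report's
# values, encrypted with the assumed key so the decoder can run offline.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DCMIN_MUTEX-W5FDNV4}\r\n"
    "SID={SY Sw4g}\r\n"
    "NETDATA={storkhax.no-ip.info:1230}\r\n"
    "GENCODE={S6eCNBd7VXe6}\r\n"
    "INSTALL={0}\r\n"
    "OFFLINEK={1}\r\n"
    "PERS={0}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_BLOB = rc4(RC4_KEY, SAMPLE_PLAINTEXT.encode())

if __name__ == "__main__":
    for field, value in decode_blob(SAMPLE_BLOB).items():
        print(f"{field:18} {value}")
```

If decryption with the default key yields no KEY={value} lines, the build was re-keyed; the marker strings are the quickest plaintext check when brute-forcing candidate keys.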

Targets

    • Target

      a27b7d243b8d5596db8653dad93a0b2bffdda101481f8af58938ff19e32d6a83

    • Size

      880KB

    • MD5

      6ac4fb08d33289af24a482b3219378f4

    • SHA1

      7e98167b6c438759f9e713820b726ff5c3189b8a

    • SHA256

      a27b7d243b8d5596db8653dad93a0b2bffdda101481f8af58938ff19e32d6a83

    • SHA512

      e6c902531fde6711396fd7d6fe774c64905f22e69a5985458d4fa30ffc2854c56a42fe0018a5a5725a2ff14bcefb26acfc79823be4e79e56cf29c1ab8035bf20

    • SSDEEP

      24576:QgnIHCYbji/YC3Jg6CaAROoOpxJKpfecYKc:W3bj4d36doxUdeoc

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
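The signatures above are the sandbox's behavioural hits; on a live fleet the same observations arrive as endpoint telemetry. The block below is an added example, not part of this report or of any vendor's detection content: it runs the report's indicators (the C2 host, the DCMIN_MUTEX- naming, a Run key pointing at a user-writable path, an EXE launched from such a path) over constructed Sysmon-style JSON events. The event shape (EventID 1, 13, 22 with Image, TargetObject/Details, QueryName) is a simplification, and the EventID 99 mutex record stands in for whatever the EDR in use emits for object creation; both are assumptions.

```python
"""Match this report's indicators against host telemetry. Added example;
event records below are constructed Sysmon-style JSON, not real logs."""
import json
import re

C2_HOST = "storkhax.no-ip.info"  # C2 field from the report
# DarkComet mutex family; only the suffix is build-specific.
DCMIN_MUTEX_RE = re.compile(r"^DCMIN_MUTEX-[A-Z0-9]+$")
RUN_KEY_RE = re.compile(
    r"\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
USER_WRITABLE_RE = re.compile(
    r"\\(?:Temp|AppData|ProgramData|Users\\Public)\\", re.I)


def classify(ev: dict) -> list:
    """Return the indicator names a single event satisfies."""
    hits = []
    eid = ev.get("EventID")
    if eid == 22 and ev.get("QueryName", "").lower() == C2_HOST:
        hits.append("c2_dns")
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("run_key_set")  # weak alone: installers do this too
        if USER_WRITABLE_RE.search(ev.get("Details", "")):
            hits.append("run_key_points_to_user_writable")
    image = ev.get("Image", "")
    if eid == 1 and image.lower().endswith(".exe") and USER_WRITABLE_RE.search(image):
        hits.append("exe_from_user_writable")
    # EventID 99 is an assumed EDR object-creation record carrying MutexName.
    if ev.get("MutexName") and DCMIN_MUTEX_RE.match(ev["MutexName"]):
        hits.append("darkcomet_mutex")
    return hits


def triage(lines) -> dict:
    """Aggregate hits per host so weak and strong indicators can be weighed."""
    per_host = {}
    for raw in lines:
        ev = json.loads(raw)
        for hit in classify(ev):
            per_host.setdefault(ev.get("Computer", "?"), set()).add(hit)
    return per_host


# Constructed events: WS01 mimics this sample's behaviour, WS02 is benign.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"Computer": "WS01", "EventID": 1,
     "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe",
     "ParentImage": "C:\\Users\\bob\\Downloads\\invoice.exe"},
    {"Computer": "WS01", "EventID": 22, "QueryName": "storkhax.no-ip.info"},
    {"Computer": "WS01", "EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft"
                     "\\Windows\\CurrentVersion\\Run\\MicroUpdate",
     "Details": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe"},
    {"Computer": "WS01", "EventID": 99, "MutexName": "DCMIN_MUTEX-W5FDNV4"},
    {"Computer": "WS02", "EventID": 22, "QueryName": "www.microsoft.com"},
    {"Computer": "WS02", "EventID": 13,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
                     "\\Run\\SecurityHealth",
     "Details": "%windir%\\system32\\SecurityHealthSystray.exe"},
]]

if __name__ == "__main__":
    for host, hits in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, sorted(hits))
```

The Run key hit on its own is noise (WS02 triggers it); the combination with a user-writable target, the DCMIN_MUTEX- name, or the DNS lookup is what separates this sample's activity from ordinary software. Note that the report's config says persistence is off even though the sandbox saw a Run key being written, so detection should not rely on the config flag alone.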
