General

  • Target

    73cf89c6f3fb74f1d4307bc43fa5db4ffb5f62da8ec2240e6d8c6d05159156a6

  • Size

    839KB

  • Sample

    221202-v9qrjadd3z

  • MD5

    e42a2e438559313d3220bf5253cffc75

  • SHA1

    128cb5214a6148e66b1a43ca64509fcaf622b2ce

  • SHA256

    73cf89c6f3fb74f1d4307bc43fa5db4ffb5f62da8ec2240e6d8c6d05159156a6

  • SHA512

    5f557f40eda2b756a89d5ed0836da0763ed8d4f7f0a5c475c285cd163267c2cb568d1e22304ee7394767441fb57ab09b330fd7e9560ee8b9c341ee3e7e36112d

  • SSDEEP

    12288:Cw+VcKJDFuYlTjsMd/8D3xTS9CJTYtVSHfnLPAXpsx0GaLc/PdzFFkh+8OD6CZ0:CXDFbsMd/03xTK8TYWHM5sx0Nc/+vPU

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Clouds

  • C2

    darkeyebrow.no-ip.org:1604

  • Mutex

    DCMIN_MUTEX-W4XVV25

Attributes
  • gencode

    8jAFNXTeDvnp

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      73cf89c6f3fb74f1d4307bc43fa5db4ffb5f62da8ec2240e6d8c6d05159156a6

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext
