Overview

overview

10

Static

static

ca0db28307...29.exe

windows7-x64

10

ca0db28307...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca0db2830755df9ce272dd4f25f09568b9430c6f0a60a58d8a1ab5982322ad29

  • Size

    693KB

  • Sample

    221203-fm4mjsbb2v

  • MD5

    ef41698536593902b16f35201a7ec5cf

  • SHA1

    a75fd23206d3b376982484c96da41eeb81386a86

  • SHA256

    ca0db2830755df9ce272dd4f25f09568b9430c6f0a60a58d8a1ab5982322ad29

  • SHA512

    2776d0814bb0ec0f4bc97b2baafd7e9e5e24d5298015f9a1b25f09b32347ea67f8760b172a6418f4da594b1fdb065a74b08b48f452cf6b31470394b2e5988485

  • SSDEEP

    12288:WIwi/NAnbFVXHNs653GAUAuvG62sMBVnZVcnOjQwBdVV05IM8ZF7z04bh:WIwi/NAbXC652AU42nlwBD65mZF7HF

Score
10/10
darkcometguest16persistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    yfe2bQYXseln

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      ca0db2830755df9ce272dd4f25f09568b9430c6f0a60a58d8a1ab5982322ad29

    • Size

      693KB

    • MD5

      ef41698536593902b16f35201a7ec5cf

    • SHA1

      a75fd23206d3b376982484c96da41eeb81386a86

    • SHA256

      ca0db2830755df9ce272dd4f25f09568b9430c6f0a60a58d8a1ab5982322ad29

    • SHA512

      2776d0814bb0ec0f4bc97b2baafd7e9e5e24d5298015f9a1b25f09b32347ea67f8760b172a6418f4da594b1fdb065a74b08b48f452cf6b31470394b2e5988485

    • SSDEEP

      12288:WIwi/NAnbFVXHNs653GAUAuvG62sMBVnZVcnOjQwBdVV05IM8ZF7z04bh:WIwi/NAbXC652AU42nlwBD65mZF7HF

    Score
    10/10
    darkcometguest16persistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks