Overview

overview

10

Static

static

10

582c956eca...6e.exe

windows7-x64

10

582c956eca...6e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    582c956eca4b7c50142ee2858111282f734007b5ab9f795759550b4de637256e

  • Size

    809KB

  • Sample

    221207-f5hssshb29

  • MD5

    10c608c2c1c01446e0b42519f0a08d00

  • SHA1

    f5202815045a395aff805d517eb1fe2f8f7b4331

  • SHA256

    582c956eca4b7c50142ee2858111282f734007b5ab9f795759550b4de637256e

  • SHA512

    43a885ff331d3fe0f917ccdac4e06eec02a074c458ae8642c0cc2e2085bc6c069b7ee81bf458c265f4bf3b64ceae53a9ca59a95e13bd68168709a562ab856def

  • SSDEEP

    12288:V4O9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hi:VDZ1xuVVjfFoynPaVBUR8f+kN10EB

Score
10/10
darkcometvictimerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

victime

C2

127.0.0.1:1604

Mutex

DC_MUTEX-XFK45XG

Attributes
  • gencode

    zbWPFqA7rV0v

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      582c956eca4b7c50142ee2858111282f734007b5ab9f795759550b4de637256e

    • Size

      809KB

    • MD5

      10c608c2c1c01446e0b42519f0a08d00

    • SHA1

      f5202815045a395aff805d517eb1fe2f8f7b4331

    • SHA256

      582c956eca4b7c50142ee2858111282f734007b5ab9f795759550b4de637256e

    • SHA512

      43a885ff331d3fe0f917ccdac4e06eec02a074c458ae8642c0cc2e2085bc6c069b7ee81bf458c265f4bf3b64ceae53a9ca59a95e13bd68168709a562ab856def

    • SSDEEP

      12288:V4O9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hi:VDZ1xuVVjfFoynPaVBUR8f+kN10EB

    Score
    10/10
    darkcometvictimerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks