Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    831KB

  • Sample

    230313-1dy1xscb54

  • MD5

    170cc2d01a0099857621c8109950b0be

  • SHA1

    48bae0b0edb0599f4a27b3a47c94cefa01334193

  • SHA256

    29095ef51d00239aa057d49ff225d51ec328062876cced826014ad6323d0f4b8

  • SHA512

    0b5a0ac0e19a4680ad0dd98d9a9aa27225d34fc98a4c972316a8f43ad068bc8692d5d6b1f1d6be2dff34807a4c3853088fbdb2504798c5e6e4d6d883dffda2dd

  • SSDEEP

    24576:ZZ1xuVVjfFoynPaVBUR8f+kN10EB5J+C4xSKl:DQDgok30S54D

Score
10/10
darkcomet±ö¿í16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

±ö¿Í16

C2

107.151.201.137:1604

107.151.201.137:2331
Mutex

DC_MUTEX-5JH1AAN

Attributes
  • gencode

    59l922lsejvY

  • install

    false

  • offline_keylogger

    true

  • password

    43994399

  • persistence

    false

Targets

    • Target

      tmp

    • Size

      831KB

    • MD5

      170cc2d01a0099857621c8109950b0be

    • SHA1

      48bae0b0edb0599f4a27b3a47c94cefa01334193

    • SHA256

      29095ef51d00239aa057d49ff225d51ec328062876cced826014ad6323d0f4b8

    • SHA512

      0b5a0ac0e19a4680ad0dd98d9a9aa27225d34fc98a4c972316a8f43ad068bc8692d5d6b1f1d6be2dff34807a4c3853088fbdb2504798c5e6e4d6d883dffda2dd

    • SSDEEP

      24576:ZZ1xuVVjfFoynPaVBUR8f+kN10EB5J+C4xSKl:DQDgok30S54D

    Score
    10/10
    darkcomet±ö¿í16rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks