General

  • Target: gre.bin.exe
  • Size: 664KB
  • Sample: 230720-l7yjxsfc99
  • MD5: ca70816ff1f547d1b16435a0cb4fa871
  • SHA1: 01816a741711b10f11d496c9a7090679fa54bd69
  • SHA256: 24d290fd917f843d7e0a7c3821770d5f21284f4d8e6815d29f14d9e258c2a999
  • SHA512: 901a3a8e0af101a0767081152ac4274f16d1a74dc43ea8580af9749191cc42dd8f977b2b73198b5be387016ef1e6be57ed400b3105c4f8f4e9c677b96b6fe869
  • SSDEEP: 12288:izYpuDWoVtuqLxBIztbT46g8INsE9VY3G5HkBPM/yytiygj9wO2Wyf8NB+em7r:huLxatIZ6EHPVYyUNAD8w

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16_min
  • C2: 127.0.0.1:1604
  • Mutex: DCMIN_MUTEX-04BX3P3

Attributes

  • gencode: LXPM46nVMwyf
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Target: gre.bin.exe
    • Size: 664KB
    • MD5: ca70816ff1f547d1b16435a0cb4fa871
    • SHA1: 01816a741711b10f11d496c9a7090679fa54bd69
    • SHA256: 24d290fd917f843d7e0a7c3821770d5f21284f4d8e6815d29f14d9e258c2a999
    • SHA512: 901a3a8e0af101a0767081152ac4274f16d1a74dc43ea8580af9749191cc42dd8f977b2b73198b5be387016ef1e6be57ed400b3105c4f8f4e9c677b96b6fe869
    • SSDEEP: 12288:izYpuDWoVtuqLxBIztbT46g8INsE9VY3G5HkBPM/yytiygj9wO2Wyf8NB+em7r:huLxatIZ6EHPVYyUNAD8w
    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks