darkcomet

General

Target

Purchase_Order_47561.zip
Size

3MB
Sample

230811-zae8zaae6s
MD5

22d56748298d4156fdb90dc7f75f94b5
SHA1

7a1d3270a80c1403f58534e13b9d7a521e368e9e
SHA256

242a32502c3b1b92292ce59ca9907d9b3cb843757f9cb484022a9e696ce534d6
SHA512

d572e977552d778186c3e3cd42aa9ea56f56d6ff5e4b242742de747f1efd8cd657fa2cd96d040b4533bda752c793d9bf626f6ecce73f4db2606f7099b25ac57d
SSDEEP

98304:DTsDDD5X91+RY7t6gl/UBfwOOBnj7Cr4Bwky:DTCDDp9Ie6WUBIhUr4BS

Score

10^/10

Malware Config

Extracted

Family

warzonerat

C2

chrisle79.ddns.net:5516

Extracted

Family

darkcomet

Botnet

July 2023

C2

bonding79.ddns.net:3316

goodgt79.ddns.net:3316

whatis79.ddns.net:3316

smath79.ddns.net:3316

jacknop79.ddns.net:3316

chrisle79.ddns.net:3316

Mutex

DC_MUTEX-BM7SVQ4

Attributes

gencode
407HsPzjaClg
install
false
offline_keylogger
true
password
Password20$
persistence
false

Targets

- Target
  
  Order1.exe
- Size
  
  2MB
- MD5
  
  f1c617a057b90c18b15a0a95f8432167
- SHA1
  
  20a97491e939c7b79f035a402e98b2fcf3979195
- SHA256
  
  e772740438892e74052a4e52cec947a89365ab605ebb4966ef019da8b99cd5a3
- SHA512
  
  ad518ed8674ba0a95b918f461a2bd4047c7331500d41d8173841692839c5f27a2c3bb10a316cb277ea9378960a4cbf2c56ee79acd492b4571e4c6f834a5c98c9
- SSDEEP
  
  49152:OjT0wNx5if7NoLbZ6rV7vLXv6Td+p7b8HwyFux+jya+q:OjT0Yx5if7NoLbZ6rV7vLXv6xS7b5HAc
Score

10^/10

warzonerat infostealer persistence rat
- Modifies WinLogon for persistence
  persistence
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Purchase Order 47561.exe
- Size
  
  3MB
- MD5
  
  c92682dc8eecfe2fe9591a47bb4b5a0f
- SHA1
  
  68c5fd799baa8715cdaa59dd152216beb23916d0
- SHA256
  
  9b07bc60a938d900dc8306cb98ae5857e9dd2a5cd1f6e766a9eea39b8aa74f18
- SHA512
  
  74c6bd6dc00b1a86bcb5e2bbb4a28006471b6fff47f58059c73a8298ffafa7e22b7fededa7ffcec2ce0f46ed76de21b23746b9d2d3d7b25bbd699834afcb315e
- SSDEEP
  
  98304:qsibJt8O6x5bn9sCGS88He4jRJjfKBmn:qFJ6tVYRO
Score

10^/10

darkcomet persistence rat trojan july 2023
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4