Overview

overview

10

Static

static

3

d96562f7d3...JC.exe

windows7-x64

10

d96562f7d3...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d96562f7d3a110ce92b736f59a64cbbedf642ed90a4dbb19c184bee24dc03247_JC.exe

  • Size

    7MB

  • Sample

    230915-qt3c6sca91

  • MD5

    853defebfd1baa98efa066bf34e41654

  • SHA1

    6ad427cb53ee1f46ead7a8943a53e304ef3c21f6

  • SHA256

    d96562f7d3a110ce92b736f59a64cbbedf642ed90a4dbb19c184bee24dc03247

  • SHA512

    e52968c89ac06394c73d6d14bbd7ed09a90a0721e4c6b0794ce519177263771c9a276ddff7f1ec97140684d01ebe1a19d66eb50c9baf864b6f27d61cc6c31fc8

  • SSDEEP

    196608:VUUIZYB12sG5/oKZu12ebfpnj1DD2IrAN8dnXIskK:OUzE/hDenRD1ANAnXIg

Score
10/10
darkcometguest16persistencerattrojan

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    193.149.189.199
  • Port:
    21
  • Username:
    ins
  • Password:
    installer

Extracted

Family

darkcomet

Botnet

Guest16

C2

140.82.20.165:1680

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    6r3JcRAx4sF0

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      d96562f7d3a110ce92b736f59a64cbbedf642ed90a4dbb19c184bee24dc03247_JC.exe

    • Size

      7MB

    • MD5

      853defebfd1baa98efa066bf34e41654

    • SHA1

      6ad427cb53ee1f46ead7a8943a53e304ef3c21f6

    • SHA256

      d96562f7d3a110ce92b736f59a64cbbedf642ed90a4dbb19c184bee24dc03247

    • SHA512

      e52968c89ac06394c73d6d14bbd7ed09a90a0721e4c6b0794ce519177263771c9a276ddff7f1ec97140684d01ebe1a19d66eb50c9baf864b6f27d61cc6c31fc8

    • SSDEEP

      196608:VUUIZYB12sG5/oKZu12ebfpnj1DD2IrAN8dnXIskK:OUzE/hDenRD1ANAnXIg

    Score
    10/10
    darkcometguest16persistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks