General

  • Target

    27babbf7de731d1fe14368b9bcee2299

  • Size

    660KB

  • Sample

    231231-etpljahahr

  • MD5

    27babbf7de731d1fe14368b9bcee2299

  • SHA1

    a3d215315c8133b4d17dc0f96a47e8a0e5061f8a

  • SHA256

    c771468a116677140a3927659b4f49fc35eb14a4a72d9a8309266edc19d4a9c8

  • SHA512

    2e4baf69645ee9d81a03e0ff3294b733acfb2d77c910e684505bf21991db232358a284383bc1d607f9fcffdb280daa57f165646ff288da4cd1dfe967cab7149b

  • SSDEEP

    12288:0XhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uc:inAw2WWeFcfbP9VPSPMTSPL/rWvzq4JM

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    klol.no-ip.info:1604

  • Mutex

    DC_MUTEX-XACN1GV

Attributes

  • InstallPath

    system32\CmDUpdater.exe

  • gencode

    0asbWfAvhwx5

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 2
      Registry Run Keys / Startup Folder (T1547.001): 1
      Winlogon Helper DLL (T1547.004): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 2
      Registry Run Keys / Startup Folder (T1547.001): 1
      Winlogon Helper DLL (T1547.004): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    System Information Discovery (T1082): 1

Tasks