General

  • Target

    92f143956b9a12540154e290c4e62564

  • Size

    761KB

  • Sample

    240205-zedwpsgaf4

  • MD5

    92f143956b9a12540154e290c4e62564

  • SHA1

    1fee278385d5b122aed257fafad8438382492dec

  • SHA256

    eba350227560d9ced91f4d3d85758edeca142d387cb2156dc9e169aaa0a4e6c6

  • SHA512

    9dc37a30a62757252577fa00dbfc195b99274f8b868a9833a2b46f3b7b1d50c1363d142807b405068d8bdab1cbbc8ec5dca1691f223dc04c3b64c08066d5f3f7

  • SSDEEP

    12288:BMrNIqNDs+RG7Y/ovzi0dSR/qP5OrOEuDAE+GL2QehBLouk3DefG7h:CrNIqNDsK6tvRda/RONAE+M2QebnkQGl

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Crypted

  • C2

    anonymoushere.no-ip.org:1604

  • Mutex

    DC_MUTEX-J8M2E7P

Attributes
  • gencode

    GmA26Nic56qT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      92f143956b9a12540154e290c4e62564

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
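The extracted config and the behavioural signatures above give a small, concrete IOC set: the C2 host and port, the mutex name, the sample hashes and the Run-key persistence the sandbox observed. Note that the config flags report install and persistence as false while the signature list records a Run key being added, so a hunt should cover both the configured indicators and the observed behaviour. The Python below is an added example, not part of the sandbox report; the event records it scans are constructed to resemble normalised EDR/Sysmon telemetry, and their field names (type, dst_host, dst_port, query, name, key, sha256) are assumptions of this example. The DC_MUTEX- pattern generalises from this build's mutex to DarkComet's default mutex naming, so other builds are flagged as a weaker hit.

```python
from __future__ import annotations

import re
from typing import Iterable

# IOCs taken from the extracted config and hashes on this page.
C2_HOST = "anonymoushere.no-ip.org"
C2_PORT = 1604
MUTEX = "DC_MUTEX-J8M2E7P"
SAMPLE_SHA256 = "eba350227560d9ced91f4d3d85758edeca142d387cb2156dc9e169aaa0a4e6c6"

# Generalisation: DarkComet builds name their mutex DC_MUTEX-<7 chars>; the
# suffix differs per build, so other builds are reported as a weaker hit.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")

# Run / RunOnce keys under any hive (T1547.001). The config says
# persistence=false, but the sandbox signature "Adds Run key" says otherwise.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def classify(event: dict) -> list[str]:
    """Return the IOC hits for one normalised telemetry event (field names are assumed)."""
    hits: list[str] = []
    kind = event.get("type")

    if kind == "network":
        host = str(event.get("dst_host", "")).lower()
        port = int(event.get("dst_port", 0))
        if host == C2_HOST and port == C2_PORT:
            hits.append(f"C2 connection to {C2_HOST}:{C2_PORT}")
    elif kind == "dns":
        if str(event.get("query", "")).lower() == C2_HOST:
            hits.append("DNS lookup of configured C2 host")
    elif kind == "mutex":
        name = str(event.get("name", ""))
        if name == MUTEX:
            hits.append("DarkComet mutex from extracted config")
        elif DC_MUTEX_RE.match(name):
            hits.append("DarkComet-style mutex (different build)")
    elif kind == "registry":
        if RUN_KEY_RE.search(str(event.get("key", ""))):
            hits.append("Run key persistence (T1547.001)")
    elif kind == "process":
        if str(event.get("sha256", "")).lower() == SAMPLE_SHA256:
            hits.append("Known sample SHA256")
    return hits


def hunt(events: Iterable[dict]) -> list[dict]:
    """Scan a stream of events; one result per hit, keyed by event index."""
    results: list[dict] = []
    for idx, event in enumerate(events):
        for hit in classify(event):
            results.append({"event": idx, "type": event.get("type"), "hit": hit})
    return results


# Constructed sample telemetry (not from the sandbox run): five true positives
# followed by two benign records that must not match.
SAMPLE_EVENTS = [
    {"type": "process", "image": "C:\\Users\\victim\\Downloads\\invoice.exe", "sha256": SAMPLE_SHA256},
    {"type": "dns", "query": "anonymoushere.no-ip.org"},
    {"type": "network", "dst_host": "anonymoushere.no-ip.org", "dst_port": 1604, "proto": "tcp"},
    {"type": "mutex", "name": "DC_MUTEX-J8M2E7P"},
    {"type": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MicroUpdate"},
    {"type": "network", "dst_host": "update.example.com", "dst_port": 443, "proto": "tcp"},
    {"type": "mutex", "name": "Global\\OfficeLockFile"},
]

if __name__ == "__main__":
    for r in hunt(SAMPLE_EVENTS):
        print(f"event {r['event']:>2} [{r['type']}] {r['hit']}")
```

Host and hash comparisons are case-folded and the port is coerced to int because real telemetry sources disagree on casing and on whether ports arrive as strings; the dynamic-DNS C2 host is matched by name rather than by address since no-ip.org names re-resolve freely.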

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of matched signatures mapped to it.

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3
    System Information Discovery (T1082): 4

Tasks