General

  • Target

    9b21e7b6b31a2aad3f8bb60f807d0e1e

  • Size

    911KB

  • Sample

    240214-jflpyach8v

  • MD5

    9b21e7b6b31a2aad3f8bb60f807d0e1e

  • SHA1

    8000d28c0d38c2716e0dd36581a0bdad4d1d9958

  • SHA256

    95f70fe6ad7b2412d4b71deca522857b33f8579f570ec07f108c2224dce0592f

  • SHA512

    fecee9437eff6719ae30850b4761d7afdbcdbcdfc5bfbafb8c392971676381089a2665b2d3890eef613fdf6dca2d018e4d7f96c264172f49c168f928b3cc01d5

  • SSDEEP

    24576:vgX5/aWAevvoUA+eD0ZihN1LZTOI8CEc6vJvrOj6:vBAv3ACFrOW

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

Vic

C2

pablo1234.no-ip.org:65

Mutex

DC_MUTEX-LQL5G6H

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    H4jqSRgnBR8W

  • install

    true

  • offline_keylogger

    false

  • password

    0123456789

  • persistence

    true

  • reg_key

    MicroUpdate
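The attributes above are what a config extractor recovers from the sample's embedded DarkComet settings. The script below is an added example, not part of this report or of any extractor it was produced with: it implements RC4, decrypts a hex-encoded configuration blob, parses the `KEY={value}` lines and maps them to the indicators listed above (C2, mutex, Run-key value, install path, offline keylogger flag). The RC4 key prefixes (`#KCMDDC51#-890` and the older ones), the `KEY={value}` line layout, the `|`-separated `NETDATA` field and the rule that the C2 traffic key is the prefix plus the configured password are taken from public analyses of DarkComet 5.x, not from this page, and are labelled as assumptions in the code. The configuration text itself is constructed here from the values shown in the report so the block runs offline.

```python
"""Added example: decode a DarkComet-style RC4 config blob and derive IOCs.

Assumptions (from public DarkComet 5.x analyses, not from the report page):
  * the stored config is hex text of RC4 ciphertext, keyed with a fixed prefix;
  * the plaintext is one KEY={value} pair per line;
  * the C2 traffic key is that prefix concatenated with the PWD field.
The plaintext below is CONSTRUCTED from the report's extracted values.
"""
from binascii import hexlify, unhexlify

# Assumed key prefixes, newest first; the loader tries each one.
DC_KEY_PREFIXES = ["#KCMDDC51#-890", "#KCMDDC5#-890", "#KCMDDC42F#-890",
                   "#KCMDDC42#-890", "#KCMDDC4#-890", "#KCMDDC2#-890"]

# Constructed sample config using the values shown on the report page.
CONFIG_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-LQL5G6H}\r\n"
    "NETDATA={pablo1234.no-ip.org:65}\r\n"
    "INSTALL={1}\r\n"
    "PERSINST={1}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "OFFLINEK={0}\r\n"
    "GENCODE={H4jqSRgnBR8W}\r\n"
    "PWD={0123456789}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Symmetric: one function encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def make_blob(plaintext: str, key_prefix: str = DC_KEY_PREFIXES[0]) -> str:
    """Produce a hex RC4 blob in the assumed stored layout (used here to build test input)."""
    return hexlify(rc4(key_prefix.encode(), plaintext.encode())).decode().upper()


def decode_config(blob_hex: str, key_prefixes=DC_KEY_PREFIXES) -> dict:
    """Try each known key prefix; accept the first that yields readable KEY={value} lines.

    A wrong key gives pseudo-random bytes, so the ASCII decode or the MUTEX= check fails
    and the next prefix is tried. The winning prefix is kept under "_key_prefix".
    """
    raw = unhexlify(blob_hex)
    for prefix in key_prefixes:
        try:
            text = rc4(prefix.encode(), raw).decode("ascii")
        except UnicodeDecodeError:
            continue
        if "MUTEX=" not in text:
            continue
        cfg = {"_key_prefix": prefix}
        for line in text.splitlines():
            if line.startswith("#") or "=" not in line:
                continue  # header/footer markers and blank lines
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("{}")
        return cfg
    raise ValueError("no known DarkComet key prefix decrypts this blob")


def iocs_from_config(cfg: dict) -> dict:
    """Map config fields to host and network indicators an analyst would hunt for."""
    c2 = []
    for entry in cfg.get("NETDATA", "").split("|"):  # assumption: '|' separates multiple C2s
        host, _, port = entry.rpartition(":")
        if host and port.isdigit():
            c2.append((host, int(port)))
    return {
        "c2": c2,
        "mutex": cfg.get("MUTEX"),
        # KEYNAME is only written to the Run key when persistence is enabled.
        "run_key_value": cfg.get("KEYNAME") if cfg.get("PERSINST") == "1" else None,
        "install_path": cfg.get("EDTPATH") if cfg.get("INSTALL") == "1" else None,
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        # Assumption: the RC4 key for C2 traffic is prefix + PWD, which is why the
        # extracted password matters for decrypting captured sessions.
        "traffic_rc4_key": cfg["_key_prefix"] + cfg.get("PWD", ""),
    }


if __name__ == "__main__":
    cfg = decode_config(make_blob(CONFIG_PLAINTEXT))
    for name, value in iocs_from_config(cfg).items():
        print(f"{name}: {value}")
```

Feed `decode_config` the hex string read from a sample's configuration resource and it reports which key prefix worked and the parsed fields; the indicators it returns are the same ones listed in the report, and the derived traffic key is what a PCAP decryptor would need for this botnet's sessions.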

Targets

    • Target

      9b21e7b6b31a2aad3f8bb60f807d0e1e

    Score
    10/10
    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext
