darkcomet | ed106a23f8bb5e6a16f53100edc20ad96e598d59a617f3247a7f07329a936426 | Triage

Submit
Reports

Overview

overview

Static

static

The-MALWAR...er.rar

windows10-1703-x64

3

Sharing

General

Target

The-MALWARE-Repo-master.rar
Size

185.3MB
Sample

240220-pwmj3agb8y
MD5

197d27199c68c1ef56b52427dbd6209b
SHA1

4410810280c93017ed7c867ad4824ba578173979
SHA256

ed106a23f8bb5e6a16f53100edc20ad96e598d59a617f3247a7f07329a936426
SHA512

552c6b4a1337e17577abe44ecf611e441c00bd8a09c776e54e3bfe9e4d9a4c3b012f04314821fc3a1d4fc04bd8099c5ad797ac7273e488b53a88e089bd9f9e27
SSDEEP

3145728:iDElBkYW2UmoW60K3Jh+AozBKxy1mn4WmG+oCtC+hR3R9BYkkoLeEt9i+SRkfxjN:oqkYl6f3zotP1Cv+o6LB9eEtknRWn

Score

10^/10

darkcomet modiloader njrat remcos revengerat wipelock geforce guest host aspackv2 macro macro_on_action stealer upx

Static task

static1

macro upx aspackv2 macro_on_action geforce host stealer guest darkcomet njrat modiloader remcos revengerat wipelock

19 signatures

Behavioral task

behavioral1

Sample

The-MALWARE-Repo-master.rar

Resource

win10-20240214-en

windows10-1703-x64

5 signatures

600 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Geforce

C2

startitit2-23969.portmap.host:1604

Mutex

b9584a316aeb9ca9b31edd4db18381f5

Attributes

reg_key
b9584a316aeb9ca9b31edd4db18381f5
splitter
Y262SUCZ4UJJ

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

C2

nickman12-46565.portmap.io:46565

nickman12-46565.portmap.io:1735

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
Userdata.exe
copy_folder
Userdata
delete_file
true
hide_file
true
hide_keylog_file
true
install_flag
true
install_path
%WinDir%\System32
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%WinDir%\System32
mouse_option
false
mutex
remcos_vcexssuhap
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screens
screenshot_path
%AppData%
screenshot_time
1
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Extracted

Family

revengerat

Botnet

Guest

C2

0.tcp.ngrok.io:19521

Mutex

RV_MUTEX

Targets

- Target
  
  The-MALWARE-Repo-master.rar
- Size
  
  185.3MB
- MD5
  
  197d27199c68c1ef56b52427dbd6209b
- SHA1
  
  4410810280c93017ed7c867ad4824ba578173979
- SHA256
  
  ed106a23f8bb5e6a16f53100edc20ad96e598d59a617f3247a7f07329a936426
- SHA512
  
  552c6b4a1337e17577abe44ecf611e441c00bd8a09c776e54e3bfe9e4d9a4c3b012f04314821fc3a1d4fc04bd8099c5ad797ac7273e488b53a88e089bd9f9e27
- SSDEEP
  
  3145728:iDElBkYW2UmoW60K3Jh+AozBKxy1mn4WmG+oCtC+hR3R9BYkkoLeEt9i+SRkfxjN:oqkYl6f3zotP1Cv+o6LB9eEtknRWn
Score

3^/10
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macroupxaspackv2macro_on_actiongeforcehoststealerguestdarkcometnjratmodiloaderremcosrevengeratwipelock

behavioral1

© 2018-2024

Terms | Privacy