Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-2004-x64

10

Resubmissions

24-02-2024 23:16

240224-29fd5ahd4w 10

24-02-2024 22:21

240224-191jmage7y 10

24-02-2024 22:06

240224-11gedsfe93 10

24-02-2024 22:03

240224-1yt8gafe62 1

24-02-2024 21:54

240224-1sjjsagb7z 7

24-02-2024 21:50

240224-1pv4eagb3v 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

  • Sample

    240224-11gedsfe93

Score
10/10
darkcometmetasploitbackdoorevasionpersistencerattrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://149.129.72.37:23456/SNpK

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)

Targets

    • Target

      https://github.com/Da2dalus/The-MALWARE-Repo

    Score
    10/10
    darkcometmetasploitbackdoorevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Modifies WinLogon for persistence

      persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks