General

  • Target

    b5ca77711219ec8393c9e4f5f601fadd

  • Size

    716KB

  • Sample

    240305-163vksba7s

  • MD5

    b5ca77711219ec8393c9e4f5f601fadd

  • SHA1

    fb7fa73ab174a78f0d0ace643fe8fde4699e67b6

  • SHA256

    c7a7903d635db81592cc2d3ab0ae126a86679c3742c0fa3d90ca6ae3f2dc9828

  • SHA512

    a4658a7f5dbcbd287ffbfd74a10af43ee8de9ad3018e86a1be558af2ed82d03b22ea9a4f9d013fe0bf1db8beefcd7cb0e8047cf2f1216162be8cd196c12cd511

  • SSDEEP

    12288:tYGZQsNUMc7r+Keg9xmGGcMomKd8pVpztY16zCoJdZIsLjXjgv:tMdG+PM+d8Zzcc1JvIsjjgv

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sd98.no-ip.info:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    EmKZ1ypfFmpS

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Targets

    • Target

      b5ca77711219ec8393c9e4f5f601fadd

    • Size

      716KB

    • MD5

      b5ca77711219ec8393c9e4f5f601fadd

    • SHA1

      fb7fa73ab174a78f0d0ace643fe8fde4699e67b6

    • SHA256

      c7a7903d635db81592cc2d3ab0ae126a86679c3742c0fa3d90ca6ae3f2dc9828

    • SHA512

      a4658a7f5dbcbd287ffbfd74a10af43ee8de9ad3018e86a1be558af2ed82d03b22ea9a4f9d013fe0bf1db8beefcd7cb0e8047cf2f1216162be8cd196c12cd511

    • SSDEEP

      12288:tYGZQsNUMc7r+Keg9xmGGcMomKd8pVpztY16zCoJdZIsLjXjgv:tMdG+PM+d8Zzcc1JvIsjjgv

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks