General

  • Target: b91d4decef937b71c70a53dda6d9e954
  • Size: 748KB
  • Sample: 240307-tpqqcsgc5x
  • MD5: b91d4decef937b71c70a53dda6d9e954
  • SHA1: c26bcaa4fdfa3c33204bb59cb6133b680d0cf236
  • SHA256: 322e3e5944786ca3dd8e219193a4df836ef52bb61595f1e0d08cf29d1d5946f9
  • SHA512: 5c1fe169b3e53c255f0f548de954d8ed931f27f126f5cd90f7065757cb61ed5217e2a9552498835cf60a22fb80867ab662e27d4da2f13a8571b94fc632c1e558
  • SSDEEP: 12288:Kk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+WFIIhII2:H0QRWoJEfg0oChGdJQbjPbNW5tYeP+GG

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:25565
  • Mutex: DC_MUTEX-PK94QS9

Attributes

  • gencode: Z2qmFzrgeQaG
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Suspicious use of SetThreadContext
