Overview

overview

10

Static

static

10

loader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader.exe

  • Size

    6.6MB

  • Sample

    240403-lvkgjabg4w

  • MD5

    7ccb67211d3217bf81a5cba6646aa71e

  • SHA1

    41ae6435dc0872ebffb2377175eac043c75aa47b

  • SHA256

    4a6d7294cd902595eddc8888ef313abf4839b766e5aa3a7e1f7932396862ddc7

  • SHA512

    91e1e343ef88167847f636cf90aa2aac9cd9c82520f4c4d3cffca072703f8067ec964f62b08a76a6f8350330a21ac8c7306b5cb603d0a8fef0353c47c1b5f43d

  • SSDEEP

    98304:MQU/vazHb9LcFW5ifLq9yigKhlQUxqXR68lY2mzEn/HH3MW:MQqqiipQUxqXm2mzI/HXMW

Score
10/10
darkcometguest16agilenetevasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

23.27.245.112:443

Mutex

DC_MUTEX-5SPHHX7

Attributes
  • gencode

    HqxpjeTgUiwn

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      loader.exe

    • Size

      6.6MB

    • MD5

      7ccb67211d3217bf81a5cba6646aa71e

    • SHA1

      41ae6435dc0872ebffb2377175eac043c75aa47b

    • SHA256

      4a6d7294cd902595eddc8888ef313abf4839b766e5aa3a7e1f7932396862ddc7

    • SHA512

      91e1e343ef88167847f636cf90aa2aac9cd9c82520f4c4d3cffca072703f8067ec964f62b08a76a6f8350330a21ac8c7306b5cb603d0a8fef0353c47c1b5f43d

    • SSDEEP

      98304:MQU/vazHb9LcFW5ifLq9yigKhlQUxqXR68lY2mzEn/HH3MW:MQqqiipQUxqXm2mzI/HXMW

    Score
    10/10
    darkcometguest16agilenetevasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks