Overview

overview

10

Static

static

3

aefcc4fbfe...c1.exe

windows7-x64

10

aefcc4fbfe...c1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1

  • Size

    1.1MB

  • Sample

    240420-xxzvsaff97

  • MD5

    49fc97af2d9c6cae7e412ae548e7edd8

  • SHA1

    f6c969bcab3ae6ab2116708ab002828e7482c5f7

  • SHA256

    aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1

  • SHA512

    a7f151c9adae93329d14ccff453b13de250f5978cc28e8a1f78ad74469a0d12951c837604d11f24ff9268d1548fc63ae3e69b6eadf2ac9870ad6bad0ea2ee49a

  • SSDEEP

    24576:RBkVdlYACfZQ+aS2HnJV54K0q6tHXsk+vZmE:/svCfj/wV5GtHBcx

Score
10/10
darkcometguest16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

5.tcp.eu.ngrok.io:13559

Mutex

DC_MUTEX-RYGWV09

Attributes
  • gencode

    iM649R849fl9

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1

    • Size

      1.1MB

    • MD5

      49fc97af2d9c6cae7e412ae548e7edd8

    • SHA1

      f6c969bcab3ae6ab2116708ab002828e7482c5f7

    • SHA256

      aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1

    • SHA512

      a7f151c9adae93329d14ccff453b13de250f5978cc28e8a1f78ad74469a0d12951c837604d11f24ff9268d1548fc63ae3e69b6eadf2ac9870ad6bad0ea2ee49a

    • SSDEEP

      24576:RBkVdlYACfZQ+aS2HnJV54K0q6tHXsk+vZmE:/svCfj/wV5GtHBcx

    Score
    10/10
    darkcometguest16rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks