General

  • Target

    a0b1a71bbd44c9138e47c9600e7b1f74891f096dfd6d3feecfe549e0ef89a149

  • Size

    3.2MB

  • Sample

    240421-bf4azsfc2w

  • MD5

    30b37fdccf6fa1a0fd3a2a28de5f5674

  • SHA1

    728d5c15472088326ecc57c78a544f78bf0ddc6a

  • SHA256

    a0b1a71bbd44c9138e47c9600e7b1f74891f096dfd6d3feecfe549e0ef89a149

  • SHA512

    fa25884a25b6f20325d7fc70b2ba83f65eb3f5110f6ea085c74bbed1d56070de05b238f85f3140715a4fb6c299be0c068ee2e2231dcc157b1a3aa502233a65a1

  • SSDEEP

    98304:f2UcwExvvlQH4d7FwlRqIQQrh6GGFdS0RECc9v:OUcwaI4dhwlRqQroBFEx9

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    01082013

  • C2

    ubervps.no-ip.biz:28324

  • Mutex

    DC_MUTEX-ABV02TU

Attributes

  • gencode

    dwKuEj1qEjbE

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks