Overview

overview

10

Static

static

10

FivemFreeUpdated.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FivemFreeUpdated.exe

  • Size

    756KB

  • Sample

    240503-xk2tlsdc6v

  • MD5

    507d6f31d2798d62caf36db241b42421

  • SHA1

    f0ac3a0f5c1edc91cf78d713400a0d3a0aba5844

  • SHA256

    32c5cdbbd37c34c5d38ceed5bbf657f74b2629596e8b8635e8e888bb51117a0e

  • SHA512

    ae39793b5312fffea3a68684bffb3800a6dd7cb2327e9da0470cfb05fa4e1a7457ec394da9c7ccea2ec44a01a05fddacc14f4430ba0d63e9766d32d4e2c8d270

  • SSDEEP

    12288:Q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h5i:0Z1xuVVjfFoynPaVBUR8f+kN10EBO

Score
10/10
darkcometguest16evasionpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

fivemexternal.ddns.net:5529

Mutex

DC_MUTEX-RULX6G9

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    qMSWXMpj99bp

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      FivemFreeUpdated.exe

    • Size

      756KB

    • MD5

      507d6f31d2798d62caf36db241b42421

    • SHA1

      f0ac3a0f5c1edc91cf78d713400a0d3a0aba5844

    • SHA256

      32c5cdbbd37c34c5d38ceed5bbf657f74b2629596e8b8635e8e888bb51117a0e

    • SHA512

      ae39793b5312fffea3a68684bffb3800a6dd7cb2327e9da0470cfb05fa4e1a7457ec394da9c7ccea2ec44a01a05fddacc14f4430ba0d63e9766d32d4e2c8d270

    • SSDEEP

      12288:Q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h5i:0Z1xuVVjfFoynPaVBUR8f+kN10EBO

    Score
    10/10
    darkcometguest16evasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks