Overview

overview

10

Static

static

3

VirusShare...b0.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VirusShare_f00eebcf45aa28251dabff693cb87db0

  • Size

    858KB

  • Sample

    240518-tf93msbd3v

  • MD5

    f00eebcf45aa28251dabff693cb87db0

  • SHA1

    21c73fc96842f12af0eb2e159434a6d89894a3ea

  • SHA256

    0f4a0735bd83b54dc178a0777fab05e566d9e310c7e9b27477fffcde9e16ead0

  • SHA512

    e0c0a292027791a97362e98c78ded5c4990d53b386581e1652977382e25cdb2907b8b417810e920493c1fe6910a326915175ad019c845cc54bd54a04d8b224bf

  • SSDEEP

    12288:FulqU/2vVuFUXMGJtvofZPvsun+tCSESuVoXz1KX6vLp7xtohjF/rpBKU:FY5+A68GwD+tHyV+zEOVxtsF/ri

Score
10/10
darkcomet0207tltkpersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

0207tltk

C2

87.98.160.242:1515

Mutex

DC_MUTEX-UVLJSUF

Attributes
  • gencode

    kTfXK3AyJR7m

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      VirusShare_f00eebcf45aa28251dabff693cb87db0

    • Size

      858KB

    • MD5

      f00eebcf45aa28251dabff693cb87db0

    • SHA1

      21c73fc96842f12af0eb2e159434a6d89894a3ea

    • SHA256

      0f4a0735bd83b54dc178a0777fab05e566d9e310c7e9b27477fffcde9e16ead0

    • SHA512

      e0c0a292027791a97362e98c78ded5c4990d53b386581e1652977382e25cdb2907b8b417810e920493c1fe6910a326915175ad019c845cc54bd54a04d8b224bf

    • SSDEEP

      12288:FulqU/2vVuFUXMGJtvofZPvsun+tCSESuVoXz1KX6vLp7xtohjF/rpBKU:FY5+A68GwD+tHyV+zEOVxtsF/ri

    Score
    10/10
    darkcomet0207tltkpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks