Overview

overview

10

Static

static

10

к3уе к...к.exe

windows7-x64

10

к3уе к...к.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    к3уе куцепук.exe

  • Size

    658KB

  • Sample

    240530-mble6aeh99

  • MD5

    df70e110c3ce4993f3150bfdcce48c3b

  • SHA1

    f654873d66c45a39574e4a3200efc7b774392f33

  • SHA256

    2d23064f50eefe7439eeb73d8a9c1f037864319a42d7e1ba98068202606a4757

  • SHA512

    0c14c38b9337750f721ebe07f8937e8dae58355c67f38a26229c07f6019a3ed536f7af2c7784a10ff99cc3cf1f6c4a6ea2f4be1217b5ef91cf6553f0ab14065a

  • SSDEEP

    12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFX:6iBIGkbxqEcjsWiDxguehC2So

Score
10/10
darkcometguest16evasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-ZZJGU9H

Attributes
  • gencode

    DDuH4TJ5m9Pl

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      к3уе куцепук.exe

    • Size

      658KB

    • MD5

      df70e110c3ce4993f3150bfdcce48c3b

    • SHA1

      f654873d66c45a39574e4a3200efc7b774392f33

    • SHA256

      2d23064f50eefe7439eeb73d8a9c1f037864319a42d7e1ba98068202606a4757

    • SHA512

      0c14c38b9337750f721ebe07f8937e8dae58355c67f38a26229c07f6019a3ed536f7af2c7784a10ff99cc3cf1f6c4a6ea2f4be1217b5ef91cf6553f0ab14065a

    • SSDEEP

      12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFX:6iBIGkbxqEcjsWiDxguehC2So

    Score
    10/10
    darkcometguest16evasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies firewall policy service

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks