General

  • Target: test.zip
  • Size: 11.9MB
  • Sample: 240806-jzfyssxgnd
  • MD5: 7fe3acfdd7e6e58aaac1c5d3c1effa47
  • SHA1: 34e647ced16ddca478e292645a003a13b369d6e1
  • SHA256: 241c7537ceebc256972be8d9b22e0c254c10662020b4ba5834867c5601b7b283
  • SHA512: af85da00fcb2cd863c65047d1ceb4cffb399e8a4c56b2b316ee70be895e80a6507c1674a6e0b810a73e9a6b1cfcb1dad9098a381eb893223cd10b994f2c2850e
  • SSDEEP: 196608:pmPPhLkfshua/TJ9sngV56KkUUzQZ+QT5KiljNkp5JuPA9Img/xmcbgPvq3I9V93:pmPPIeH/d9ig7NU7YBjNKjuI9ImKg1XF

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: mal-track
  • C2: 127.0.0.1:1010
  • Mutex: DCMIN_MUTEX-NLY9NFG

Attributes

  • InstallPath: maltrack\maltrack.exe
  • gencode: Z6mh6RQnzK2e
  • install: true
  • offline_keylogger: true
  • persistence: false
  • reg_key: Mal-Track

Targets

    • Target: test.zip
    • Size: 11.9MB
    • MD5: 7fe3acfdd7e6e58aaac1c5d3c1effa47
    • SHA1: 34e647ced16ddca478e292645a003a13b369d6e1
    • SHA256: 241c7537ceebc256972be8d9b22e0c254c10662020b4ba5834867c5601b7b283
    • SHA512: af85da00fcb2cd863c65047d1ceb4cffb399e8a4c56b2b316ee70be895e80a6507c1674a6e0b810a73e9a6b1cfcb1dad9098a381eb893223cd10b994f2c2850e
    • SSDEEP: 196608:pmPPhLkfshua/TJ9sngV56KkUUzQZ+QT5KiljNkp5JuPA9Img/xmcbgPvq3I9V93:pmPPIeH/d9ig7NU7YBjNKjuI9ImKg1XF

    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

    • Target: gui.exe
    • Size: 11.8MB
    • MD5: 93b162f9f8b9f61612e6b971e8ed7bd6
    • SHA1: 47487ffc0a6fe9a6555037ec7aa13dd1b098f988
    • SHA256: 8b8fc2771931fd1d849206bdb088f17dca10914cb0bc9ecc5eff93919e42e2cb
    • SHA512: 386d1b15b6e2d67180e3ac33b05bb9f2a8561f0dbfc9713e2d540a2da23bdc25334f6bcbe3b6cd3b51fb9ed78b1447edcbead88aff1ca94d5ecb450d7d0e1856
    • SSDEEP: 196608:VWMicjwuLIRBA1HeT39IigwT1ncKOVVthIUo0W8/Lo79u5Y3j7NetQgN+xPZp4p:mcUxq1+TtIiFR0VNRW8E5u6/s6NxPE
    • Score: 7/10

    • Loads dropped DLL

    • Target: mal-track.exe
    • Size: 658KB
    • MD5: 59bc20336206070fa5312f03f1aee02e
    • SHA1: 99dc38244141f56a60975899dd888eff0f5002b3
    • SHA256: a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd
    • SHA512: 719cbb4a9ae4565b0c7d02622f0213f5bf1a3b93aefcb722bd53c44c5da607643a223c33154c7260c3b104b7f4c94d6e2c23031f3cef2064ed441aa50a312a3e
    • SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ:+Z1xuVVjfFoynPaVBUR8f+kN10EBz

    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks