Overview

overview

10

Static

static

10

8a387ed7c4...a2.exe

windows7-x64

10

8a387ed7c4...a2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-09-2024 23:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a387ed7c415553e0b196cc91e975b4f1de4d9212f9f82aaccc5ebf2e68965a2.exe

  • Size

    658KB

  • MD5

    8b6332828d48d0c640fc3bbe1120cfa9

  • SHA1

    6582266a29c36a3fb9f7bf157d465ff9843b4bef

  • SHA256

    8a387ed7c415553e0b196cc91e975b4f1de4d9212f9f82aaccc5ebf2e68965a2

  • SHA512

    07719e8a78c85fc14dfe74a47caf548a09fa112c56876455806562674bb27aaa8dc136fd40b67a8eaba961d53a4c9c3a6230637bafe49feb0a52defe8de48703

  • SSDEEP

    12288:29HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFZ:SiBIGkbxqEcjsWiDxguehC2SW

Score
10/10
darkcometguest16discoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-MLSJZEK

Attributes
  • gencode

    NzJ0ZsZsDhVk

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a387ed7c415553e0b196cc91e975b4f1de4d9212f9f82aaccc5ebf2e68965a2.exe
    "C:\Users\Admin\AppData\Local\Temp\8a387ed7c415553e0b196cc91e975b4f1de4d9212f9f82aaccc5ebf2e68965a2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4916-0-0x00000000023F0000-0x00000000023F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4916-1-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4916-2-0x00000000023F0000-0x00000000023F1000-memory.dmp

    Filesize

    4KB

    Download