Overview

overview

10

Static

static

3

d63ee21497...7N.exe

windows7-x64

10

d63ee21497...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d63ee21497555543bca9f7ca589a8a3abb457f93ac459989457239578c0e47e7N

  • Size

    1.8MB

  • Sample

    241009-gdw2savaqq

  • MD5

    43d4bbd88bab1a7c5dbfc1be066d1db0

  • SHA1

    313736e454cf26dda3bedac4559d3860e41f251f

  • SHA256

    d63ee21497555543bca9f7ca589a8a3abb457f93ac459989457239578c0e47e7

  • SHA512

    3c3245426144ee6e9c19f2ade90d85ef58afea4c67f7867b560ae39326006d0334c1e697c7db89119dde969895d29baf944e38707bdffb89d930f52ecfc37869

  • SSDEEP

    24576:76MyeXTLTlGMQzaWMWRIWxhWX4HQIOyJlwdVzwv/QSnyurl/XVtauuEq6:76MyeXTgM7+hDQMwdM4Snysl/ltau

Score
10/10
darkcometguest16discoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

6.tcp.ngrok.io:10522

Mutex

DC_MUTEX-S6X11G9

Attributes
  • gencode

    w5jnrTqtlMtt

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      d63ee21497555543bca9f7ca589a8a3abb457f93ac459989457239578c0e47e7N

    • Size

      1.8MB

    • MD5

      43d4bbd88bab1a7c5dbfc1be066d1db0

    • SHA1

      313736e454cf26dda3bedac4559d3860e41f251f

    • SHA256

      d63ee21497555543bca9f7ca589a8a3abb457f93ac459989457239578c0e47e7

    • SHA512

      3c3245426144ee6e9c19f2ade90d85ef58afea4c67f7867b560ae39326006d0334c1e697c7db89119dde969895d29baf944e38707bdffb89d930f52ecfc37869

    • SSDEEP

      24576:76MyeXTLTlGMQzaWMWRIWxhWX4HQIOyJlwdVzwv/QSnyurl/XVtauuEq6:76MyeXTgM7+hDQMwdM4Snysl/ltau

    Score
    10/10
    darkcometguest16discoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks