Overview

overview

10

Static

static

3

201a2a3fea...9N.exe

windows7-x64

10

201a2a3fea...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9N.exe

  • Size

    9.2MB

  • Sample

    241117-2xj7jsvnbr

  • MD5

    8fcc43370d7bdc75cf0381164a6bee50

  • SHA1

    af7c3b094d2c5cbd153b8fa6815418eb28d7ddbd

  • SHA256

    201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9

  • SHA512

    137a418afed97a79352a6981b91793bfecd9026f6b5bc45c5268ad60aa1d1d6e6095571bdec0a8103ce8087ec41ed5ae387b43c26ede02c91dea4962030e6368

  • SSDEEP

    196608:ltqD/NMreh/CtTODi/hXFufhOAjXhC01/oicfjRx2g/6GN4Br:cVMmDi/ojFC0qicLR0gCG6V

Score
10/10
darkcometdondiscoveryevasionpersistenceprivilege_escalationratspywarestealertrojan

Malware Config

Extracted

Family

darkcomet

Botnet

don

C2

victoire.dyndns.biz:62955

Mutex

DC_MUTEX-DUXZFBC

Attributes
  • gencode

    pZpvGTDgPY6R

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9N.exe

    • Size

      9.2MB

    • MD5

      8fcc43370d7bdc75cf0381164a6bee50

    • SHA1

      af7c3b094d2c5cbd153b8fa6815418eb28d7ddbd

    • SHA256

      201a2a3fea59997395e53238d65ea07d7b5818dd7c2d6462420bf3c0b63cfed9

    • SHA512

      137a418afed97a79352a6981b91793bfecd9026f6b5bc45c5268ad60aa1d1d6e6095571bdec0a8103ce8087ec41ed5ae387b43c26ede02c91dea4962030e6368

    • SSDEEP

      196608:ltqD/NMreh/CtTODi/hXFufhOAjXhC01/oicfjRx2g/6GN4Br:cVMmDi/ojFC0qicLR0gCG6V

    Score
    10/10
    darkcometdondiscoveryevasionpersistenceprivilege_escalationratspywarestealertrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks