General

  • Target

    JaffaCakes118_36818cec37f78af0dc6ed18f995e99db

  • Size

    5.7MB

  • Sample

    250126-r7fl1avrgj

  • MD5

    36818cec37f78af0dc6ed18f995e99db

  • SHA1

    897faa6b1ea42aa0960b9ec37545e420039de4ae

  • SHA256

    9aed0cbba11197860a2b4d47e31d0561366b1380434b32c5e6a57c103e0bd40a

  • SHA512

    8ebd4eccd506c31ec6d7c3e32a3ccf19528afe552c6a927b487aa986c91dee48acbcce9f2ea1848e6728f986c2bbb13fe34974e2ffbce30d74e62152f66ffd07

  • SSDEEP

    98304:3SANAGFabnBmerSDQswzhOseurqzdKq2clGZhLd90aKgzFM2PI1WL4671nCkEN35:3YGIbCDGzhOYqpKq2IGZsKjtLfxnCkq5

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    marins.zapto.org:200

  • Mutex

    DC_MUTEX-4P3XX1N

Attributes
  • gencode

    aGYevwKbDrua

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      passw‮‮‮‮‮‮‮‮txt.scr

    • Size

      1.2MB

    • MD5

      77ca989ad6e7b03b45fae82a76033687

    • SHA1

      0d12fc51c81dc320799daa675ebdf351d46a5573

    • SHA256

      6ac3f0bd420b687c360daf61df09899b570d088479d4ba0eb1b934affbed3530

    • SHA512

      6280ba36dc01aef0769209669086adb249b0b3db421c7859edef7028bbd65830cbe24aa21f7d36964983dfb9f117fe144556312a27f293e4973d150bb9733c04

    • SSDEEP

      24576:iXxU5ks52tv1lETA6FEtDQk7rfunI7gB+M:rYF1lETA6FED7B7gB+M

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks