Overview

overview

10

Static

static

10

УДАР �...�!.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/04/2025, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    УДАР ПО ЯЙЦАМ!.exe

  • Size

    658KB

  • MD5

    f3aa40d99430ccb842392a6aac95a1b6

  • SHA1

    9db9c6b9f0c790f783d359164b31f113ea79e3dc

  • SHA256

    59e8f27e60ae878c8bc61b59f6a21a547c6d4c27afb47fa614efbe8e116513b3

  • SHA512

    1d0c9f4c9badad6891b4cf8cf0d0cafbe14c39ffb837dac28da338bf7a111524fd5afb1a0f78e8d7b674798ff38d3e840b60b973e6adc16a5e33038fbc614a14

  • SSDEEP

    12288:S9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFa:+iBIGkbxqEcjsWiDxguehC2Sd

Score
10/10
darkcometguest16discoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sound-educated.gl.at.ply.gg:33346

sound-educated.gl.at.ply.gg:1488
Mutex

DC_MUTEX-J79EFKJ

Attributes
  • InstallPath

    cssr.exe

  • gencode

    J5v3kYZkYi5Y

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

rc4.plain

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\УДАР ПО ЯЙЦАМ!.exe
    "C:\Users\Admin\AppData\Local\Temp\УДАР ПО ЯЙЦАМ!.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3360
    • C:\Windows\SysWOW64\notepad.exe
      notepad
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2184

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2184-1-0x0000000000F00000-0x0000000000F01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3360-0-0x00000000007E0000-0x00000000007E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3360-2-0x00000000007E0000-0x00000000007E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3360-3-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download