darkcomet | 1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64 | Triage

Submit
Reports

Overview

overview

Static

static

1ba1a86e6f...64.exe

windows7_x64

1ba1a86e6f...64.exe

windows10_x64

3

Sharing

General

Target

1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64
Size

380KB
Sample

200624-jnvqym1sqs
MD5

1016a9cc08ad611bccaa936c16d87c32
SHA1

fa149e450522fcbcd7ae0469ded554bd7a58b6d5
SHA256

1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64
SHA512

4e1d65ae643e56bb16b364f1de519a62a6f8a85c2d0709fa0d2447180ee4f293e1f8d65488d0b717d2de0d8e7b7f69b5fe65a5aa2123acd79ab10c06acac352b

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64.exe

Resource

win7v200430

darkcomet evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64
- Size
  
  380KB
- MD5
  
  1016a9cc08ad611bccaa936c16d87c32
- SHA1
  
  fa149e450522fcbcd7ae0469ded554bd7a58b6d5
- SHA256
  
  1ba1a86e6f5e0e1e2f1a596018465345a90822163264c05647e8155edb88ce64
- SHA512
  
  4e1d65ae643e56bb16b364f1de519a62a6f8a85c2d0709fa0d2447180ee4f293e1f8d65488d0b717d2de0d8e7b7f69b5fe65a5aa2123acd79ab10c06acac352b
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

© 2018-2024

Terms | Privacy