darkcomet | 8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8 | Triage

Submit
Reports

Overview

overview

Static

static

8b4e13336a...b8.exe

windows7_x64

8b4e13336a...b8.exe

windows10_x64

Sharing

General

Target

8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8
Size

404KB
Sample

201106-ndq1xecsge
MD5

031bc4d25f79bc974e1eb0a389590a4d
SHA1

35ca2381988729dd6ac4f57f945472b56a76182b
SHA256

8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8
SHA512

393c8e69c3f69754b42f09ce227548f6c1b2b722384ce92c669ccad072f9d730a06c93132b9ec43f51f0eb4d7ad04197fc23d8b61dc6aa9351b9ce12ddcd9820

Score

10^/10

darkcomet privcrypt rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8.exe

Resource

win7v20201028

darkcomet privcrypt rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8.exe

Resource

win10v20201028

darkcomet privcrypt rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PrivCrypt

C2

emile2012.no-ip.info:1337

Mutex

DCMIN_MUTEX-WB71XN1

Attributes

gencode
dby0EQrVG8Ck
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8
- Size
  
  404KB
- MD5
  
  031bc4d25f79bc974e1eb0a389590a4d
- SHA1
  
  35ca2381988729dd6ac4f57f945472b56a76182b
- SHA256
  
  8b4e13336abef6ecfbff5b1fea65e840863acbe85ef008fc43f4c6f108b391b8
- SHA512
  
  393c8e69c3f69754b42f09ce227548f6c1b2b722384ce92c669ccad072f9d730a06c93132b9ec43f51f0eb4d7ad04197fc23d8b61dc6aa9351b9ce12ddcd9820
Score

10^/10

darkcomet privcrypt rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometprivcryptrattrojanupx

behavioral2

darkcometprivcryptrattrojanupx

© 2018-2024

Terms | Privacy