darkcomet | 8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0 | Triage

Submit
Reports

Overview

overview

Static

static

8270e14847...f0.exe

windows7_x64

8270e14847...f0.exe

windows10_x64

Sharing

General

Target

8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0
Size

1.7MB
Sample

201108-6zhax8v96n
MD5

3adb0bd3fc62ac103e0d89c42088d4a7
SHA1

7b792238778c5174efa375286dc1b30b7e8e05be
SHA256

8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0
SHA512

7d695d23b0b840deffc0a0a406b8eae9f5ff9cfddbfc4300ded622495a92010c865b62080fcb9c7579c6d00bac0f5fe2b0063160ab256c83abf7f230f279d9b6

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0.exe

Resource

win7v20201028

darkcomet persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0.exe

Resource

win10v20201028

darkcomet persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0
- Size
  
  1.7MB
- MD5
  
  3adb0bd3fc62ac103e0d89c42088d4a7
- SHA1
  
  7b792238778c5174efa375286dc1b30b7e8e05be
- SHA256
  
  8270e148478ac6886769640495e3e8dd0a5612b40f4da6cd1e662998d91cddf0
- SHA512
  
  7d695d23b0b840deffc0a0a406b8eae9f5ff9cfddbfc4300ded622495a92010c865b62080fcb9c7579c6d00bac0f5fe2b0063160ab256c83abf7f230f279d9b6
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy