darkcomet | 4bf25d8f561fa3bf452d87b82bbb051d074b2ae8bcebec1dc421d1e653902884 | Triage

Submit
Reports

Overview

overview

Static

static

5

153adafeef...7c.exe

windows7_x64

153adafeef...7c.exe

windows10_x64

Sharing

General

Target

153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe
Size

1.7MB
Sample

201109-qnrp3zkb8n
MD5

b73ddd5b666ee096c73d5dccee18b54b
SHA1

60483bb7bb5f6aea52b4afbc60b3d4cbe1bb9a00
SHA256

4bf25d8f561fa3bf452d87b82bbb051d074b2ae8bcebec1dc421d1e653902884
SHA512

ad7d8bcdf85eddc1412a6196392bec46ba3aaf8d9f1e48b399289e2225c42f43a5a4305840595ff96abf4f67eccf9e64669a77e8b2e6fabe8b84fbb533e893e2

Score

10^/10

darkcomet guest16_min persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe

Resource

win7v20201028

darkcomet guest16_min persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe

Resource

win10v20201028

darkcomet guest16_min persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:82

Mutex

DCMIN_MUTEX-U2EW3CZ

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
vzqTZlD6owu2
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  153adafeef04097d2f2dde2fce6d0105a3893c88e7722f930fa1979c112f877c.exe
- Size
  
  1.7MB
- MD5
  
  b73ddd5b666ee096c73d5dccee18b54b
- SHA1
  
  60483bb7bb5f6aea52b4afbc60b3d4cbe1bb9a00
- SHA256
  
  4bf25d8f561fa3bf452d87b82bbb051d074b2ae8bcebec1dc421d1e653902884
- SHA512
  
  ad7d8bcdf85eddc1412a6196392bec46ba3aaf8d9f1e48b399289e2225c42f43a5a4305840595ff96abf4f67eccf9e64669a77e8b2e6fabe8b84fbb533e893e2
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- autoit_exe
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan

© 2018-2024

Terms | Privacy