darkcomet | 23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea | Triage

Submit
Reports

Overview

overview

Static

static

23177b599c...ea.exe

windows7_x64

23177b599c...ea.exe

windows10_x64

Sharing

General

Target

23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea
Size

726KB
Sample

201110-t1cnzg56se
MD5

36f8a5356eaa170009cd6cc4bb7e4eeb
SHA1

fc4601d48e42cfbea7cee7891d9170d7d9de2370
SHA256

23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea
SHA512

30cab5cb33f7fd22bfe004cb794e65ad7bd1513404893107ebcb8bc12ea6d7ee4526302cd352710ed650dc3043fd16c333eb131e8313951dea48273060096660

Score

10^/10

darkcomet cybergate persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea.exe

Resource

win7v20201028

darkcomet cybergate persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea.exe

Resource

win10v20201028

darkcomet cybergate persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Cybergate

C2

xyk.no-ip.org:82

Mutex

DC_MUTEX-CBRCJKD

Attributes

gencode
dStG8rFqSf0i
install
false
offline_keylogger
true
password
12345678
persistence
false

Targets

- Target
  
  23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea
- Size
  
  726KB
- MD5
  
  36f8a5356eaa170009cd6cc4bb7e4eeb
- SHA1
  
  fc4601d48e42cfbea7cee7891d9170d7d9de2370
- SHA256
  
  23177b599c322119b7796bbfd6e8f0005ed1f3a6e51b28c19bfe85706cbc30ea
- SHA512
  
  30cab5cb33f7fd22bfe004cb794e65ad7bd1513404893107ebcb8bc12ea6d7ee4526302cd352710ed650dc3043fd16c333eb131e8313951dea48273060096660
Score

10^/10

darkcomet cybergate persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometcybergatepersistencerattrojanupx

behavioral2

darkcometcybergatepersistencerattrojanupx

© 2018-2024

Terms | Privacy