darkcomet | 783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6 | Triage

Submit
Reports

Overview

overview

Static

static

783f9bab09...d6.exe

windows7_x64

783f9bab09...d6.exe

windows10_x64

Sharing

General

Target

783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6
Size

530KB
Sample

201111-5qcek2w9fj
MD5

f73a094b2992b7527413560954fb05a2
SHA1

e62b577e94dc156a1d5f0b276fffd2fb42f48853
SHA256

783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6
SHA512

4d0b4fbd893e81cda106fc888f6eb1ebca02e21da40e869d045ca4013d5203d95c017831c2c1c6cba344216232957c645a902dd12d40b61d69ba5c70d50e34f7

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6.exe

Resource

win7v20201028

darkcomet evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6.exe

Resource

win10v20201028

darkcomet evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6
- Size
  
  530KB
- MD5
  
  f73a094b2992b7527413560954fb05a2
- SHA1
  
  e62b577e94dc156a1d5f0b276fffd2fb42f48853
- SHA256
  
  783f9bab0999b921ee53e62c7255a546c44e01e00fad05b3a395b4fbedc8bed6
- SHA512
  
  4d0b4fbd893e81cda106fc888f6eb1ebca02e21da40e869d045ca4013d5203d95c017831c2c1c6cba344216232957c645a902dd12d40b61d69ba5c70d50e34f7
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

darkcometevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy