darkcomet | 6d3377e9fe7662f985188bcb510b078aea81721ed4f801f096032ae2e397b877

Analysis

max time kernel
59s
max time network
110s
platform
windows10_x64
resource
win10v20201028
submitted
14-12-2020 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

345897ca6fb51912b4e904e02592142b.exe
Size

658KB
MD5

345897ca6fb51912b4e904e02592142b
SHA1

b017042a6cbc079f627d6619b0318d2fcc15e923
SHA256

6d3377e9fe7662f985188bcb510b078aea81721ed4f801f096032ae2e397b877
SHA512

1ccfe851fbb547a7cff8061467785949cdf6ea8d95d43628bb43424ce9c94bf5c29c3b3e1635ba409734bf4ccaa54653964a432267db703cd86b041b4bd49cb4

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes:

345897ca6fb51912b4e904e02592142b.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeSecurityPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeTakeOwnershipPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeLoadDriverPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeSystemProfilePrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeSystemtimePrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeProfSingleProcessPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeIncBasePriorityPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeCreatePagefilePrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeBackupPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeRestorePrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeShutdownPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeDebugPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeSystemEnvironmentPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeChangeNotifyPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeRemoteShutdownPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeUndockPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeManageVolumePrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeImpersonatePrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: SeCreateGlobalPrivilege	984	345897ca6fb51912b4e904e02592142b.exe
Token: 33	984	345897ca6fb51912b4e904e02592142b.exe
Token: 34	984	345897ca6fb51912b4e904e02592142b.exe
Token: 35	984	345897ca6fb51912b4e904e02592142b.exe
Token: 36	984	345897ca6fb51912b4e904e02592142b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

345897ca6fb51912b4e904e02592142b.exe

pid process

984 345897ca6fb51912b4e904e02592142b.exe

pid	process
984	345897ca6fb51912b4e904e02592142b.exe

C:\Users\Admin\AppData\Local\Temp\345897ca6fb51912b4e904e02592142b.exe
"C:\Users\Admin\AppData\Local\Temp\345897ca6fb51912b4e904e02592142b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:984

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads