darkcomet | 550c64585f830c9ab794ad1f9e9df78ecf9b2dc8580038532e9b9033118186a1 | Triage

Submit
Reports

Overview

overview

Static

static

e437647987...d4.exe

windows7_x64

e437647987...d4.exe

windows10_x64

Sharing

General

Target

e437647987807d34da932489603025d4
Size

945KB
Sample

201214-al2ggwvk5e
MD5

e437647987807d34da932489603025d4
SHA1

d1129315116b9c041942df9d9fa49323a416125b
SHA256

550c64585f830c9ab794ad1f9e9df78ecf9b2dc8580038532e9b9033118186a1
SHA512

24c4021a81cccf1b99d3795e50aee0524910735a5446ef7d8f012b16139767a4c169d51ce0473f4eb7c56380d48fb1deb6b005a63cd74f1eaade3e40a09d0676

Score

10^/10

darkcomet guest evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e437647987807d34da932489603025d4.exe

Resource

win7v20201028

darkcomet guest evasion rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e437647987807d34da932489603025d4.exe

Resource

win10v20201028

darkcomet guest evasion rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

guest

C2

127.0.0.1:1604

Mutex

DC_MUTEX-1JZLPXV

Attributes

gencode
9npjPzJ7GsSo
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e437647987807d34da932489603025d4
- Size
  
  945KB
- MD5
  
  e437647987807d34da932489603025d4
- SHA1
  
  d1129315116b9c041942df9d9fa49323a416125b
- SHA256
  
  550c64585f830c9ab794ad1f9e9df78ecf9b2dc8580038532e9b9033118186a1
- SHA512
  
  24c4021a81cccf1b99d3795e50aee0524910735a5446ef7d8f012b16139767a4c169d51ce0473f4eb7c56380d48fb1deb6b005a63cd74f1eaade3e40a09d0676
Score

10^/10

darkcomet guest evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguestevasionrattrojanupx

behavioral2

darkcometguestevasionrattrojanupx

© 2018-2024

Terms | Privacy