darkcomet | bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32 | Triage

Submit
Reports

Overview

overview

Static

static

bf5450720d...32.exe

windows7_x64

bf5450720d...32.exe

windows10_x64

Sharing

General

Target

bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
Size

759KB
Sample

210223-3e62r4vqjj
MD5

0033390156302419d1c2443fb91b3b7d
SHA1

d1f62d7c700090f9d19a534109e783d13fd4ff48
SHA256

bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
SHA512

17b88128a27d2ac444b71c31019eeda32dadd7ff14806e5210f33220eede8921c3fb2a1115fde157e33e1f87794420b6f720d347418d99cbeeeb30df6bec4b0d

Score

10^/10

darkcomet killme evasion persistence rat trojan upx

Static task

static1

upx killme darkcomet

Behavioral task

behavioral1

Sample

bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32.exe

Resource

win7v20201028

darkcomet killme evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32.exe

Resource

win10v20201028

darkcomet killme evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

killme

C2

exte.duckdns.org:1604

Mutex

DC_MUTEX-1B8PLBC

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Vb8gzzR5D30d
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
- Size
  
  759KB
- MD5
  
  0033390156302419d1c2443fb91b3b7d
- SHA1
  
  d1f62d7c700090f9d19a534109e783d13fd4ff48
- SHA256
  
  bf5450720dc7a16cf3a0a1555db7f297d01c30468b3d780b2cd17fc17e54fe32
- SHA512
  
  17b88128a27d2ac444b71c31019eeda32dadd7ff14806e5210f33220eede8921c3fb2a1115fde157e33e1f87794420b6f720d347418d99cbeeeb30df6bec4b0d
Score

10^/10

darkcomet killme evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxkillmedarkcomet

behavioral1

darkcometkillmeevasionpersistencerattrojanupx

behavioral2

darkcometkillmeevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy