darkcomet | e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f | Triage

Submit
Reports

Overview

overview

Static

static

e3e705a910...6f.exe

windows7_x64

e3e705a910...6f.exe

windows10_x64

Sharing

General

Target

e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f
Size

744KB
Sample

210517-73svzl82za
MD5

59dbe0b0647411f9eaedf5575271faef
SHA1

4c9f74505f9560b36fc05a65922e67657554be48
SHA256

e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f
SHA512

eaf02e903f86c71bf3fcc3061506faa1b0157c8f7b2dd95348eb919842532e97bf94ea46ae0596ec9774e0f67247df98e0607619b6932f096d95a3ba303bd3b0

Score

10^/10

darkcomet xmrig persistence rat trojan upx

Static task

static1

upx xmrig darkcomet

Behavioral task

behavioral1

Sample

e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f.exe

Resource

win7v20210408

darkcomet xmrig persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f.exe

Resource

win10v20210410

darkcomet xmrig persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

XMRIG

C2

182.254.195.236:10101

Mutex

DCMIN_MUTEX-CD6C7CH

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
ReJpgGYt7ySF
install
true
offline_keylogger
true
persistence
false
reg_key
NicoSoft

Targets

- Target
  
  e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f
- Size
  
  744KB
- MD5
  
  59dbe0b0647411f9eaedf5575271faef
- SHA1
  
  4c9f74505f9560b36fc05a65922e67657554be48
- SHA256
  
  e3e705a910cdde002fa583f2a48fef67ac4a035a424bc6ab0e2797c10d0bd26f
- SHA512
  
  eaf02e903f86c71bf3fcc3061506faa1b0157c8f7b2dd95348eb919842532e97bf94ea46ae0596ec9774e0f67247df98e0607619b6932f096d95a3ba303bd3b0
Score

10^/10

darkcomet xmrig persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxxmrigdarkcomet

behavioral1

darkcometxmrigpersistencerattrojanupx

behavioral2

darkcometxmrigpersistencerattrojanupx

© 2018-2024

Terms | Privacy