darkcomet | 7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569 | Triage

Submit
Reports

Overview

overview

Static

static

NMDC LTD R...on.exe

windows7_x64

NMDC LTD R...on.exe

windows10_x64

Sharing

General

Target

NMDC LTD RTGS Payment Confirmation.exe
Size

1.3MB
Sample

210811-zb5s67656e
MD5

5d06b31229aa680e234485c9fc4c1635
SHA1

571f4338a07a2c20c26dbdc66792675b649b1e24
SHA256

7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569
SHA512

0469e235a13691ff5a058469f04085e5410a53ed596b060ebd17dd6aba45be2845e94ab1d75d85e0411c908ab50e1dfbe550b4baae68e96e8fda9b1f8739ec3f

Score

10^/10

darkcomet rat suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

NMDC LTD RTGS Payment Confirmation.exe

Resource

win7v20210410

darkcomet rat suricata trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NMDC LTD RTGS Payment Confirmation.exe

Resource

win10v20210408

darkcomet rat suricata trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  NMDC LTD RTGS Payment Confirmation.exe
- Size
  
  1.3MB
- MD5
  
  5d06b31229aa680e234485c9fc4c1635
- SHA1
  
  571f4338a07a2c20c26dbdc66792675b649b1e24
- SHA256
  
  7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569
- SHA512
  
  0469e235a13691ff5a058469f04085e5410a53ed596b060ebd17dd6aba45be2845e94ab1d75d85e0411c908ab50e1dfbe550b4baae68e96e8fda9b1f8739ec3f
Score

10^/10

darkcomet rat suricata trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- suricata: ET MALWARE Backdoor.Win32.DarkComet Keepalive Inbound
  suricata: ET MALWARE Backdoor.Win32.DarkComet Keepalive Inbound
  suricata
- suricata: ET MALWARE Backdoor.Win32.DarkComet Keepalive Outbound
  suricata: ET MALWARE Backdoor.Win32.DarkComet Keepalive Outbound
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometratsuricatatrojanupx

behavioral2

darkcometratsuricatatrojanupx

© 2018-2024

Terms | Privacy