darkcomet | 02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8 | Triage

Submit
Reports

Overview

overview

Static

static

02811b25e5...d8.exe

windows7_x64

02811b25e5...d8.exe

windows10_x64

Sharing

General

Target

02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8
Size

520KB
Sample

210922-qmvprafdbn
MD5

642a19d61f9d148344d263180d4e386a
SHA1

e5005eab11acaec13e0c6a2af0744d99727b1d07
SHA256

02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8
SHA512

2a337f1910cf046e6b0964430b029a2213d9966f9208df3a9614bc178c6743b48401ea9ee87886b404131c50449f82abdb0796c6c5c3344c5186e5fd877b57db

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8.exe

Resource

win7-en-20210920

darkcomet persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8.exe

Resource

win10v20210408

darkcomet rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8
- Size
  
  520KB
- MD5
  
  642a19d61f9d148344d263180d4e386a
- SHA1
  
  e5005eab11acaec13e0c6a2af0744d99727b1d07
- SHA256
  
  02811b25e52053553af9b1edf031e2e83cdc7a80b68e45fbca1617872dee55d8
- SHA512
  
  2a337f1910cf046e6b0964430b029a2213d9966f9208df3a9614bc178c6743b48401ea9ee87886b404131c50449f82abdb0796c6c5c3344c5186e5fd877b57db
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometrattrojanupx

© 2018-2024

Terms | Privacy