darkcomet | 735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779 | Triage

Submit
Reports

Overview

overview

Static

static

735d4dea13...79.exe

windows7_x64

735d4dea13...79.exe

windows10_x64

Sharing

General

Target

735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779
Size

520KB
Sample

210924-gx7mmagadq
MD5

2fc861e62742e8c9e534979d1aa3db9e
SHA1

195d8fcf006e93b5c46b3a4ce4d3d12d62818201
SHA256

735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779
SHA512

b299df8b0b18940f66e50ad17a30f779e2bbfd92781d7d9acc5d91522880b9d407a1d7952ebfdd92954df7187683e87b3eb81eb8d8a440d24cf39b0330039f62

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779.exe

Resource

win7v20210408

darkcomet persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779.exe

Resource

win10-en-20210920

darkcomet rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779
- Size
  
  520KB
- MD5
  
  2fc861e62742e8c9e534979d1aa3db9e
- SHA1
  
  195d8fcf006e93b5c46b3a4ce4d3d12d62818201
- SHA256
  
  735d4dea1378e1735df51023397ba337eb72d3fc9ec806f04d47b182ba4b4779
- SHA512
  
  b299df8b0b18940f66e50ad17a30f779e2bbfd92781d7d9acc5d91522880b9d407a1d7952ebfdd92954df7187683e87b3eb81eb8d8a440d24cf39b0330039f62
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometrattrojanupx

© 2018-2024

Terms | Privacy