darkcomet | 18f6743a982938fa45f0505b542d114a803e1246cb93382f71cf3b5598f3e986 | Triage

Submit
Reports

Overview

overview

Static

static

setup.exe

windows7_x64

setup.exe

windows10_x64

Sharing

General

Target

setup.exe
Size

634KB
Sample

211202-b5mpjadae5
MD5

a5a31f043f4e293e2760ccb4f209451e
SHA1

81ca6f4f16e8968e789332a6f3a6bf6847ed5fd5
SHA256

18f6743a982938fa45f0505b542d114a803e1246cb93382f71cf3b5598f3e986
SHA512

19205650a46d3db2eb02ceb060da1297b6b774fa1f08aa3f93e9ed251733bb73094f915e2e68b438364b68a02a5102d9cc83ad890ddafc6a0413adf71fa61ecc

Score

10^/10

darkcomet dobe photoshop 2022 persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-en-20211014

darkcomet dobe photoshop 2022 persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10-en-20211104

darkcomet dobe photoshop 2022 persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

dobe Photoshop 2022

C2

clientts.ddns.net:1604

Mutex

DCMIN_MUTEX-AXQ2YN9

Attributes

gencode
6dlKzQlMJ5u3
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  setup.exe
- Size
  
  634KB
- MD5
  
  a5a31f043f4e293e2760ccb4f209451e
- SHA1
  
  81ca6f4f16e8968e789332a6f3a6bf6847ed5fd5
- SHA256
  
  18f6743a982938fa45f0505b542d114a803e1246cb93382f71cf3b5598f3e986
- SHA512
  
  19205650a46d3db2eb02ceb060da1297b6b774fa1f08aa3f93e9ed251733bb73094f915e2e68b438364b68a02a5102d9cc83ad890ddafc6a0413adf71fa61ecc
Score

10^/10

darkcomet dobe photoshop 2022 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometdobe photoshop 2022persistencerattrojanupx

behavioral2

darkcometdobe photoshop 2022persistencerattrojanupx

© 2018-2024

Terms | Privacy