darkcomet | 43017a60a99ab0a9ac4ac4087b4d25ff4263e5bae796f4979d777395ae09e67b | Triage

Submit
Reports

Overview

overview

Static

static

DAZ Studio...4c.exe

windows7_x64

DAZ Studio...4c.exe

windows10_x64

Sharing

General

Target

DAZ Studio Professional 4.15.0.30 x64c.exe
Size

536KB
Sample

211202-cmkynaabbn
MD5

6485a104cfdf2d8e847f3116347736a6
SHA1

17d5e7d32055ed9c98de05b9f14c9ae2cb573fcc
SHA256

43017a60a99ab0a9ac4ac4087b4d25ff4263e5bae796f4979d777395ae09e67b
SHA512

0ff04031a776e5beb8062bc6483f265f5e043b44d760320b2052a7ce98d6b3181cd7e1f4c69374e9af4a9397a48c83c95d61aee733c03a8d2ef1acafe454ac8c

Score

10^/10

darkcomet daz studio professional 4.15.0.30 x64 persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

DAZ Studio Professional 4.15.0.30 x64c.exe

Resource

win7-en-20211104

darkcomet daz studio professional 4.15.0.30 x64 persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DAZ Studio Professional 4.15.0.30 x64c.exe

Resource

win10-en-20211014

darkcomet daz studio professional 4.15.0.30 x64 persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

DAZ Studio Professional 4.15.0.30 x64

C2

clientts.ddns.net:1604

Mutex

DCMIN_MUTEX-7VA997K

Attributes

gencode
iVpp885bSBQY
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  DAZ Studio Professional 4.15.0.30 x64c.exe
- Size
  
  536KB
- MD5
  
  6485a104cfdf2d8e847f3116347736a6
- SHA1
  
  17d5e7d32055ed9c98de05b9f14c9ae2cb573fcc
- SHA256
  
  43017a60a99ab0a9ac4ac4087b4d25ff4263e5bae796f4979d777395ae09e67b
- SHA512
  
  0ff04031a776e5beb8062bc6483f265f5e043b44d760320b2052a7ce98d6b3181cd7e1f4c69374e9af4a9397a48c83c95d61aee733c03a8d2ef1acafe454ac8c
Score

10^/10

darkcomet daz studio professional 4.15.0.30 x64 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometdaz studio professional 4.15.0.30 x64persistencerattrojanupx

behavioral2

darkcometdaz studio professional 4.15.0.30 x64persistencerattrojanupx

© 2018-2024

Terms | Privacy