darkcomet | eeca48eaa6357bdda81be1ed1809f67a4bd3cf6d34e161a5d0852072163ee6b1 | Triage

Submit
Reports

Overview

overview

Static

static

Setup\setup.exe

windows7_x64

Setup\setup.exe

windows10_x64

Sharing

General

Target

Setup\setup.exe
Size

438KB
Sample

211202-erba5aebf3
MD5

7bc24f41ed99371db121f254bb976b1b
SHA1

97cd932ad75d50fa233f113361eac0250d162851
SHA256

eeca48eaa6357bdda81be1ed1809f67a4bd3cf6d34e161a5d0852072163ee6b1
SHA512

a6d401cf4811be012212462f83ed72d612c4aff80fbcdef8fa20d582011f04d9207f60f17f3b8b77951313614d9914e694a8d6a466848af3bf81d94d37aa7552

Score

10^/10

darkcomet pixologic zbrush v2022.0.1 persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Setup\setup.exe

Resource

win7-en-20211104

darkcomet pixologic zbrush v2022.0.1 persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Setup\setup.exe

Resource

win10-en-20211014

darkcomet pixologic zbrush v2022.0.1 persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Pixologic ZBrush v2022.0.1

C2

clientts.ddns.net:1604

Mutex

DCMIN_MUTEX-WDFEVZX

Attributes

gencode
Efa3b9ZfkSe7
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  Setup\setup.exe
- Size
  
  438KB
- MD5
  
  7bc24f41ed99371db121f254bb976b1b
- SHA1
  
  97cd932ad75d50fa233f113361eac0250d162851
- SHA256
  
  eeca48eaa6357bdda81be1ed1809f67a4bd3cf6d34e161a5d0852072163ee6b1
- SHA512
  
  a6d401cf4811be012212462f83ed72d612c4aff80fbcdef8fa20d582011f04d9207f60f17f3b8b77951313614d9914e694a8d6a466848af3bf81d94d37aa7552
Score

10^/10

darkcomet pixologic zbrush v2022.0.1 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpixologic zbrush v2022.0.1persistencerattrojanupx

behavioral2

darkcometpixologic zbrush v2022.0.1persistencerattrojanupx

© 2018-2024

Terms | Privacy