darkcomet | 146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093

General

Target

146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Size

658KB
MD5

5bff2c2bdc7523e24d7ecc0995a814e6
SHA1

ba82bada9fc8e405b3e9fe5aa742cd5337cf6a2f
SHA256

146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093
SHA512

0c020e01655be45b7cddad37e7999e340d50a6c4b31b9c90c4f29aecd3bfc82fcdd99fdba207bd243154a965abb378a81a5c887c67dea87c21b97e32446b4d8a

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of SetThreadContext 1 IoCs

Processes:

146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe

description	pid	process	target process
PID 4460 set thread context of 2764	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe	iexplore.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exeiexplore.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeSecurityPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeTakeOwnershipPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeLoadDriverPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeSystemProfilePrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeSystemtimePrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeProfSingleProcessPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeIncBasePriorityPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeCreatePagefilePrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeBackupPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeRestorePrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeShutdownPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeDebugPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeSystemEnvironmentPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeChangeNotifyPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeRemoteShutdownPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeUndockPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeManageVolumePrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeImpersonatePrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeCreateGlobalPrivilege	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: 33	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: 34	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: 35	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: 36	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
Token: SeIncreaseQuotaPrivilege	2764	iexplore.exe
Token: SeSecurityPrivilege	2764	iexplore.exe
Token: SeTakeOwnershipPrivilege	2764	iexplore.exe
Token: SeLoadDriverPrivilege	2764	iexplore.exe
Token: SeSystemProfilePrivilege	2764	iexplore.exe
Token: SeSystemtimePrivilege	2764	iexplore.exe
Token: SeProfSingleProcessPrivilege	2764	iexplore.exe
Token: SeIncBasePriorityPrivilege	2764	iexplore.exe
Token: SeCreatePagefilePrivilege	2764	iexplore.exe
Token: SeBackupPrivilege	2764	iexplore.exe
Token: SeRestorePrivilege	2764	iexplore.exe
Token: SeShutdownPrivilege	2764	iexplore.exe
Token: SeDebugPrivilege	2764	iexplore.exe
Token: SeSystemEnvironmentPrivilege	2764	iexplore.exe
Token: SeChangeNotifyPrivilege	2764	iexplore.exe
Token: SeRemoteShutdownPrivilege	2764	iexplore.exe
Token: SeUndockPrivilege	2764	iexplore.exe
Token: SeManageVolumePrivilege	2764	iexplore.exe
Token: SeImpersonatePrivilege	2764	iexplore.exe
Token: SeCreateGlobalPrivilege	2764	iexplore.exe
Token: 33	2764	iexplore.exe
Token: 34	2764	iexplore.exe
Token: 35	2764	iexplore.exe
Token: 36	2764	iexplore.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

iexplore.exe

pid process

2764 iexplore.exe

pid	process
2764	iexplore.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe

description	pid	process	target process
PID 4460 wrote to memory of 2764	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe	iexplore.exe
PID 4460 wrote to memory of 2764	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe	iexplore.exe
PID 4460 wrote to memory of 2764	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe	iexplore.exe
PID 4460 wrote to memory of 2764	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe	iexplore.exe
PID 4460 wrote to memory of 2764	4460	146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe	iexplore.exe

C:\Users\Admin\AppData\Local\Temp\146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe
"C:\Users\Admin\AppData\Local\Temp\146b331d7a950ba3fe065fa7e46247be1b367c70a0ed506f1952f344163e7093.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4460

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2764

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads