darkcomet | 45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27 | Triage

Submit
Reports

Overview

overview

Static

static

45cf8c7798...27.exe

windows7_x64

45cf8c7798...27.exe

windows10-2004_x64

Sharing

General

Target

45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27
Size

1.0MB
Sample

220707-mtrd5afff7
MD5

21628e8eba8eb7180cd6c34f6a5ad58b
SHA1

77d9b1cb8ee1e85741bfa9c55b5b148113889d4c
SHA256

45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27
SHA512

e3dd0f9135f82ed42db2c5f73dd808b96c51d6d6f281b3b50a26561a3d560ecd2bae941a9472e4dba454873c70b07e2b0574f989ad0b3a3ab1ee422cd4fad351

Score

10^/10

darkcomet machines persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27.exe

Resource

win7-20220414-en

darkcomet machines persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27.exe

Resource

win10v2004-20220414-en

darkcomet machines persistence rat trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Machines

C2

yoongconie.ddns.net:2216

Mutex

DC_MUTEX-CCRTDV7

Attributes

gencode
zX5yKAb1uzFM
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27
- Size
  
  1.0MB
- MD5
  
  21628e8eba8eb7180cd6c34f6a5ad58b
- SHA1
  
  77d9b1cb8ee1e85741bfa9c55b5b148113889d4c
- SHA256
  
  45cf8c779808395dc912f672906c7238ba29d6378ffbd9473e7d903969357a27
- SHA512
  
  e3dd0f9135f82ed42db2c5f73dd808b96c51d6d6f281b3b50a26561a3d560ecd2bae941a9472e4dba454873c70b07e2b0574f989ad0b3a3ab1ee422cd4fad351
Score

10^/10

darkcomet machines persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometmachinespersistencerattrojanupx

behavioral2

darkcometmachinespersistencerattrojanupx

© 2018-2024

Terms | Privacy