darkcomet | 4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452 | Triage

Submit
Reports

Overview

overview

Static

static

4eb0e9fe8a...52.exe

windows7-x64

4eb0e9fe8a...52.exe

windows10-2004-x64

Sharing

General

Target

4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452
Size

439KB
Sample

220720-vbld6abfh6
MD5

7970df345b3ee305ac6b4b028ee1d552
SHA1

d0c2b3ae5b4fad875a24fb80786797366647151b
SHA256

4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452
SHA512

214c2dbb52d82aae810327e9f8d20594db3aa89fb1b2ae5d0d639a5a9cf554dc56dc1b8dd22a6d82b489cdd17345990519ec9deb12e9dda3e24c7843c5cb8f75

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452.exe

Resource

win7-20220715-en

darkcomet guest16 rat trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452.exe

Resource

win10v2004-20220414-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

minsuport.duckdns.org:3333

Mutex

DC_MUTEX-TZSLN7R

Attributes

gencode
KexhufRKN03t
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452
- Size
  
  439KB
- MD5
  
  7970df345b3ee305ac6b4b028ee1d552
- SHA1
  
  d0c2b3ae5b4fad875a24fb80786797366647151b
- SHA256
  
  4eb0e9fe8a9f823d5498797b99c0d7c21a2cc4cfdf7808560040b2116b9dd452
- SHA512
  
  214c2dbb52d82aae810327e9f8d20594db3aa89fb1b2ae5d0d639a5a9cf554dc56dc1b8dd22a6d82b489cdd17345990519ec9deb12e9dda3e24c7843c5cb8f75
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy