darkcomet | addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75

General

Target

addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Size

756KB
MD5

d6039d4e775e33fda4b9b8af49b70e26
SHA1

60a5912dfbb7262b5c6a92f8d2f0994dbc3e3ab1
SHA256

addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75
SHA512

399b0a887506ca95f909f5f5f9cefd5756646a4261d630beaf327dfc424850d49e2532942ca2b2b10355f955b400ebf8a38ae0074efb655b544671e02029d772

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious use of SetThreadContext 1 IoCs

Processes:

addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe

description	pid	process	target process
PID 3568 set thread context of 2080	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe	iexplore.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exeiexplore.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSecurityPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeTakeOwnershipPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeLoadDriverPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSystemProfilePrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSystemtimePrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeProfSingleProcessPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeIncBasePriorityPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeCreatePagefilePrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeBackupPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeRestorePrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeShutdownPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeDebugPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeSystemEnvironmentPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeChangeNotifyPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeRemoteShutdownPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeUndockPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeManageVolumePrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeImpersonatePrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeCreateGlobalPrivilege	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 33	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 34	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 35	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: 36	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
Token: SeIncreaseQuotaPrivilege	2080	iexplore.exe
Token: SeSecurityPrivilege	2080	iexplore.exe
Token: SeTakeOwnershipPrivilege	2080	iexplore.exe
Token: SeLoadDriverPrivilege	2080	iexplore.exe
Token: SeSystemProfilePrivilege	2080	iexplore.exe
Token: SeSystemtimePrivilege	2080	iexplore.exe
Token: SeProfSingleProcessPrivilege	2080	iexplore.exe
Token: SeIncBasePriorityPrivilege	2080	iexplore.exe
Token: SeCreatePagefilePrivilege	2080	iexplore.exe
Token: SeBackupPrivilege	2080	iexplore.exe
Token: SeRestorePrivilege	2080	iexplore.exe
Token: SeShutdownPrivilege	2080	iexplore.exe
Token: SeDebugPrivilege	2080	iexplore.exe
Token: SeSystemEnvironmentPrivilege	2080	iexplore.exe
Token: SeChangeNotifyPrivilege	2080	iexplore.exe
Token: SeRemoteShutdownPrivilege	2080	iexplore.exe
Token: SeUndockPrivilege	2080	iexplore.exe
Token: SeManageVolumePrivilege	2080	iexplore.exe
Token: SeImpersonatePrivilege	2080	iexplore.exe
Token: SeCreateGlobalPrivilege	2080	iexplore.exe
Token: 33	2080	iexplore.exe
Token: 34	2080	iexplore.exe
Token: 35	2080	iexplore.exe
Token: 36	2080	iexplore.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

iexplore.exe

pid process

2080 iexplore.exe

pid	process
2080	iexplore.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe

description	pid	process	target process
PID 3568 wrote to memory of 2080	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe	iexplore.exe
PID 3568 wrote to memory of 2080	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe	iexplore.exe
PID 3568 wrote to memory of 2080	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe	iexplore.exe
PID 3568 wrote to memory of 2080	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe	iexplore.exe
PID 3568 wrote to memory of 2080	3568	addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe	iexplore.exe

C:\Users\Admin\AppData\Local\Temp\addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe
"C:\Users\Admin\AppData\Local\Temp\addb9f5515f4437e000fc530b8cae82de09440d1cef830206dd59f3925a71e75.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3568

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2080

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads