darkcomet | 00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780 | Triage

Submit
Reports

Overview

overview

Static

static

00397ae0e8...80.exe

windows7-x64

00397ae0e8...80.exe

windows10-2004-x64

Sharing

General

Target

00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780
Size

600KB
Sample

220919-lafylsebgn
MD5

744f7afc50e0e4dfa34d013183c315ef
SHA1

73ad9e11ab3f2edf861663c7e33b261e6cd3364b
SHA256

00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780
SHA512

4f41367d25dbd7c85a67dec890df25d0e078b85a302b863911da325f0889d018cf0665ae3bcc8827ce483ea1a51ba271935905cccc2b5d58189f63bb860c504c
SSDEEP

12288:n2vt6Pp8TgrMDm5GwvBnx+EUGxWVfWRSlQvKeZBbjcg:n2lJgoDGGwvlx+EUGoShA

Score

10^/10

darkcomet privateeye persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780.exe

Resource

win7-20220812-en

darkcomet privateeye persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780.exe

Resource

win10v2004-20220812-en

darkcomet privateeye persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

C2

sn0.no-ip.biz:2928

Mutex

DC_MUTEX-3S9C8EP

Attributes

InstallPath
MSDCSCR\msdcscmain32.exe
gencode
te3HHGAMCDaF
install
true
offline_keylogger
false
persistence
true
reg_key
rundll32

Targets

- Target
  
  00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780
- Size
  
  600KB
- MD5
  
  744f7afc50e0e4dfa34d013183c315ef
- SHA1
  
  73ad9e11ab3f2edf861663c7e33b261e6cd3364b
- SHA256
  
  00397ae0e8da20a2542f4478beb51efb5abf2806eca257ddd8da02e4fd2fa780
- SHA512
  
  4f41367d25dbd7c85a67dec890df25d0e078b85a302b863911da325f0889d018cf0665ae3bcc8827ce483ea1a51ba271935905cccc2b5d58189f63bb860c504c
- SSDEEP
  
  12288:n2vt6Pp8TgrMDm5GwvBnx+EUGxWVfWRSlQvKeZBbjcg:n2lJgoDGGwvlx+EUGoShA
Score

10^/10

darkcomet privateeye persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometprivateeyepersistencerattrojanupx

behavioral2

darkcometprivateeyepersistencerattrojanupx

© 2018-2024

Terms | Privacy