darkcomet | 3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45 | Triage

Submit
Reports

Overview

overview

Static

static

3407d70d5b...45.exe

windows7-x64

3407d70d5b...45.exe

windows10-2004-x64

Sharing

General

Target

3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45
Size

528KB
Sample

221001-3m252scbc8
MD5

65eb70dfafe3c0c78109a442af7eae90
SHA1

a4373ffff571a12ce7a88ff149da155b3b4087af
SHA256

3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45
SHA512

3a8cb9d7f8531080fa2f67f21efcd9c84e36d4e42363aac3255152bfb4b63bfa57ee9097a40b1ab5f0320acbfca7270a6c2452c554f517257f45e41af0bc1f9d
SSDEEP

6144:gJ6hxh6edXLpKOseh6dDYcOzOohWoQb+RYWeWE3XvDMAIGubCjIFjqKoBoO:gCAUcO0OcOzOAuyRmDMFbOqjqKoBo

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45.exe

Resource

win7-20220812-en

darkcomet guest16 persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45.exe

Resource

win10v2004-20220812-en

darkcomet guest16 persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

carlosjohn301.ddns.net:1604

Mutex

DC_MUTEX-ADH0PPW

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
qXwwGCGxgJlf
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45
- Size
  
  528KB
- MD5
  
  65eb70dfafe3c0c78109a442af7eae90
- SHA1
  
  a4373ffff571a12ce7a88ff149da155b3b4087af
- SHA256
  
  3407d70d5b0555d86fffcaf0f500a455d94d2c0aa9ee4fdc5800df0375f18e45
- SHA512
  
  3a8cb9d7f8531080fa2f67f21efcd9c84e36d4e42363aac3255152bfb4b63bfa57ee9097a40b1ab5f0320acbfca7270a6c2452c554f517257f45e41af0bc1f9d
- SSDEEP
  
  6144:gJ6hxh6edXLpKOseh6dDYcOzOohWoQb+RYWeWE3XvDMAIGubCjIFjqKoBoO:gCAUcO0OcOzOAuyRmDMFbOqjqKoBo
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojanupx

behavioral2

darkcometguest16persistencerattrojanupx

© 2018-2024

Terms | Privacy