darkcomet | ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869 | Triage

Submit
Reports

Overview

overview

Static

static

ea34aaf098...69.exe

windows7-x64

ea34aaf098...69.exe

windows10-2004-x64

Sharing

General

Target

ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869
Size

453KB
Sample

221002-ekmqksgbb8
MD5

57a755d00fc3c468e082a2f8d309447e
SHA1

92835e585b22e29477071f0dea27d3184e0afc27
SHA256

ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869
SHA512

8c2d46339ebc47eb1e2e469d71383a0d0c1d218b18c326704edf6790c76726cd9beb884bcbc8a70257807c7753e19628028e98ed9e7acb2efa4e415e5f85871b
SSDEEP

12288:Vl8E4w5huat7UovONzbXw6a36ZNg7KbcGLSu//:1dhHwNzbX6qZNg7KgGuuX

Score

10^/10

darkcomet sality guest16 backdoor evasion persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869.exe

Resource

win7-20220812-en

darkcomet sality guest16 backdoor evasion persistence rat trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869.exe

Resource

win10v2004-20220901-en

sality backdoor upx

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

darkcomet

Botnet

Guest16

C2

killersmille.no-ip.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
0mJUZ3FxjSEM
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869
- Size
  
  453KB
- MD5
  
  57a755d00fc3c468e082a2f8d309447e
- SHA1
  
  92835e585b22e29477071f0dea27d3184e0afc27
- SHA256
  
  ea34aaf09821e3744aa26872b019bcd0b5174a1a901fa17863b2c8ae6b92b869
- SHA512
  
  8c2d46339ebc47eb1e2e469d71383a0d0c1d218b18c326704edf6790c76726cd9beb884bcbc8a70257807c7753e19628028e98ed9e7acb2efa4e415e5f85871b
- SSDEEP
  
  12288:Vl8E4w5huat7UovONzbXw6a36ZNg7KbcGLSu//:1dhHwNzbX6qZNg7KgGuuX
Score

10^/10

darkcomet sality guest16 backdoor evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometsalityguest16backdoorevasionpersistencerattrojanupx

behavioral2

salitybackdoorupx

© 2018-2024

Terms | Privacy