darkcomet | a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79 | Triage

Submit
Reports

Overview

overview

Static

static

a1a8ab6332...79.exe

windows7-x64

8

a1a8ab6332...79.exe

windows10-2004-x64

Sharing

General

Target

a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
Size

377KB
Sample

221002-pw3w2sfch3
MD5

6feaab979663244eca21c62008b09202
SHA1

89da90563896e8af51b1613b7848db8af17ae615
SHA256

a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
SHA512

c3aebe6cb7a9f2c8a6069953d68a31e2e40ce007ef2a0f3bf94cd2ffb107d46d16ce281a8127d8661e778eeccfab47096839c9053f178815cd142ac3a60b6a4a
SSDEEP

6144:IcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37mO4EqXoetQGqvvoB:IcW7KEZlPzCy37mO4iGqvw

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79.exe

Resource

win10v2004-20220812-en

darkcomet guest16 persistence rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.0.210:1604

Mutex

DC_MUTEX-JNPFFAB

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
asWjgGEaR2qG
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
- Size
  
  377KB
- MD5
  
  6feaab979663244eca21c62008b09202
- SHA1
  
  89da90563896e8af51b1613b7848db8af17ae615
- SHA256
  
  a1a8ab6332f0fe7aca4250d5454bb3db623debd45151373b9263db436ca42c79
- SHA512
  
  c3aebe6cb7a9f2c8a6069953d68a31e2e40ce007ef2a0f3bf94cd2ffb107d46d16ce281a8127d8661e778eeccfab47096839c9053f178815cd142ac3a60b6a4a
- SSDEEP
  
  6144:IcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37mO4EqXoetQGqvvoB:IcW7KEZlPzCy37mO4iGqvw
Score

10^/10

upx darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

darkcometguest16persistencerattrojanupx

© 2018-2024

Terms | Privacy