darkcomet | 571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e | Triage

Submit
Reports

Overview

overview

Static

static

571eaac9e5...9e.exe

windows7-x64

571eaac9e5...9e.exe

windows10-2004-x64

Sharing

General

Target

571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
Size

349KB
Sample

221002-spa48sdfcr
MD5

6d2706ffb3b1c6efd5594e1a2ff787b0
SHA1

b819a1b540b2f21c1ae6fcb7c925a51e445f3b0a
SHA256

571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
SHA512

968c98c388a3fffe0a8a89f496c9fafb59419440d0f4ae49d5ccb1ceb3f4611c3e6cd327258ba47cfc55d3620aafc62d0b7bc889a1712c63dda227025fa4c653
SSDEEP

6144:wcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37d3I2RwplSZkOiu9PZ/p:wcW7KEZlPzCy37xRPNVR

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

upx guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e.exe

Resource

win7-20220812-en

darkcomet guest16 persistence rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e.exe

Resource

win10v2004-20220812-en

darkcomet guest16 persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rabdarcrab.no-ip.biz:1604

Mutex

DC_MUTEX-12PKHNW

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
yVkohe6HvLBv
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
- Size
  
  349KB
- MD5
  
  6d2706ffb3b1c6efd5594e1a2ff787b0
- SHA1
  
  b819a1b540b2f21c1ae6fcb7c925a51e445f3b0a
- SHA256
  
  571eaac9e5f7789fa2fccea6e04f6c82e5e2cd86246d9cba7ab497e03f424e9e
- SHA512
  
  968c98c388a3fffe0a8a89f496c9fafb59419440d0f4ae49d5ccb1ceb3f4611c3e6cd327258ba47cfc55d3620aafc62d0b7bc889a1712c63dda227025fa4c653
- SSDEEP
  
  6144:wcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37d3I2RwplSZkOiu9PZ/p:wcW7KEZlPzCy37xRPNVR
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16persistencerattrojanupx

behavioral2

darkcometguest16persistencerattrojanupx

© 2018-2024

Terms | Privacy