darkcomet | 74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d | Triage

Submit
Reports

Overview

overview

Static

static

8

74a0220086...3d.exe

windows7-x64

74a0220086...3d.exe

windows10-2004-x64

Sharing

General

Target

74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d
Size

1.4MB
Sample

221003-3hdlwsccc5
MD5

57c70ac8a46540077bc85eb33ffceea4
SHA1

1eee0eac9cd92889c2e2485fc3930251024dca3a
SHA256

74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d
SHA512

8ea27a248fcb878dece1ca23f79e244e8cdb7337f3186f3c922193cacba9910f8a3ff49bfe4f13941d7d286d464e54f229408b84f816c30df8579d4387faca86
SSDEEP

24576:v1A/bjvJyQiFqwqbKaWbxL+YthDNRjKZmbj6MUX/4bhMtwNyAGR619Z6awzwhbiG:v1ev98aWd/zRjKZjMUX/4b2twNyAVZ6a

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d.exe

Resource

win7-20220812-en

darkcomet guest16 rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d.exe

Resource

win10v2004-20220901-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

178.118.159.7:2500

Mutex

DC_MUTEX-KTLT5KQ

Attributes

gencode
NGjrQs4d1gxe
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d
- Size
  
  1.4MB
- MD5
  
  57c70ac8a46540077bc85eb33ffceea4
- SHA1
  
  1eee0eac9cd92889c2e2485fc3930251024dca3a
- SHA256
  
  74a02200862782e88cccfbfa4a9accb9c6f963036471587d36748dea1cf2993d
- SHA512
  
  8ea27a248fcb878dece1ca23f79e244e8cdb7337f3186f3c922193cacba9910f8a3ff49bfe4f13941d7d286d464e54f229408b84f816c30df8579d4387faca86
- SSDEEP
  
  24576:v1A/bjvJyQiFqwqbKaWbxL+YthDNRjKZmbj6MUX/4bhMtwNyAGR619Z6awzwhbiG:v1ev98aWd/zRjKZjMUX/4b2twNyAVZ6a
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy