darkcomet | f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254 | Triage

Submit
Reports

Overview

overview

Static

static

f1969fe13d...54.exe

windows7-x64

f1969fe13d...54.exe

windows10-2004-x64

Sharing

General

Target

f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254
Size

251KB
Sample

221030-r57ygafgfq
MD5

849f77e376036b2381b3a0899c705d50
SHA1

bf22b89aa161759dd70f3944b2e99f850dfb02ee
SHA256

f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254
SHA512

ba43e3a9bf54f486f038bd30a11078ed21dd3ea6484d2d2e118895c4f53431b539bbb397138b22de2043277f303240fed021d9dfc7e5e48bbbf178c6acf67efe
SSDEEP

6144:/YcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:wcW7KEZlPzCy37

Score

10^/10

darkcomet test1 persistence rat trojan upx

Static task

static1

upx test1 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254.exe

Resource

win7-20220812-en

darkcomet test1 persistence rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254.exe

Resource

win10v2004-20220812-en

darkcomet test1 persistence rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Test1

C2

roguehack.no-ip.biz:70

Mutex

DC_MUTEX-1V41W5P

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
o7XD3VtoPQi3
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254
- Size
  
  251KB
- MD5
  
  849f77e376036b2381b3a0899c705d50
- SHA1
  
  bf22b89aa161759dd70f3944b2e99f850dfb02ee
- SHA256
  
  f1969fe13d3943817a7514b0740252db27ee1519ac57388daaa712c04de35254
- SHA512
  
  ba43e3a9bf54f486f038bd30a11078ed21dd3ea6484d2d2e118895c4f53431b539bbb397138b22de2043277f303240fed021d9dfc7e5e48bbbf178c6acf67efe
- SSDEEP
  
  6144:/YcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:wcW7KEZlPzCy37
Score

10^/10

darkcomet test1 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxtest1darkcomet

behavioral1

darkcomettest1persistencerattrojanupx

behavioral2

darkcomettest1persistencerattrojanupx

© 2018-2024

Terms | Privacy