darkcomet | 564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa | Triage

Submit
Reports

Overview

overview

Static

static

5

564390eb14...fa.exe

windows7-x64

564390eb14...fa.exe

windows10-2004-x64

Sharing

General

Target

564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa
Size

1.7MB
Sample

221123-m8fwyabc4s
MD5

a0e4381250de28e795b8b0c3148e5620
SHA1

0bc879670e1d9c0400405d1c3dd1f933689e781b
SHA256

564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa
SHA512

eba0fe53b053674ecd4b4e57aecb52b2d1d973bcb71c6d5e3f4207e7b8730b2a4fc23323e1559c696bdce06c0c365c4110e14c7ac41807fb8b82ec15515e9056
SSDEEP

49152:skwkn9IMHeaS7hi0TdX+PouMOskjALaPCS:HdnVCtdCouwkjA2PC

Score

10^/10

darkcomet guest16 persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa.exe

Resource

win7-20220812-en

darkcomet guest16 persistence rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa.exe

Resource

win10v2004-20220812-en

darkcomet guest16 persistence rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

tragicdux.chickenkiller.com:3175

Mutex

DC_MUTEX-L9H93A3

Attributes

gencode
1L4pelzQX7xS
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa
- Size
  
  1.7MB
- MD5
  
  a0e4381250de28e795b8b0c3148e5620
- SHA1
  
  0bc879670e1d9c0400405d1c3dd1f933689e781b
- SHA256
  
  564390eb14d5fb93e012db3ef3933c32e9fe4eeec170d036e1d34345d65594fa
- SHA512
  
  eba0fe53b053674ecd4b4e57aecb52b2d1d973bcb71c6d5e3f4207e7b8730b2a4fc23323e1559c696bdce06c0c365c4110e14c7ac41807fb8b82ec15515e9056
- SSDEEP
  
  49152:skwkn9IMHeaS7hi0TdX+PouMOskjALaPCS:HdnVCtdCouwkjA2PC
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan

© 2018-2024

Terms | Privacy