darkcomet | e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5 | Triage

Submit
Reports

Overview

overview

Static

static

e16197c0c3...b5.exe

windows7-x64

e16197c0c3...b5.exe

windows10-2004-x64

Sharing

General

Target

e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5
Size

857KB
Sample

221123-p4ppdsga5t
MD5

c329355d37d20b2cf9e020b37b691ef1
SHA1

ddbb1a480cf09065221a3071929ab05b0c50c894
SHA256

e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5
SHA512

5e65e797ed2920995965e7134cd767eebc74a5a370c280d459132661eef2551b2e1cede03e442070463dfb620418927382a09dffff660d9dc1173ffbbeea856d
SSDEEP

24576:DPF7sTJtPrK/yPo+IRHG9HqiivlBT2Nm:DUTTOiKBT2Nm

Score

10^/10

darkcomet 2015 persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5.exe

Resource

win7-20220812-en

darkcomet 2015 persistence rat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5.exe

Resource

win10v2004-20221111-en

darkcomet 2015 persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

2015

C2

mlgsimz.chickenkiller.com:100

Mutex

DCMIN_MUTEX-WEHRTJW

Attributes

gencode
nXtiiDuM3FMS
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5
- Size
  
  857KB
- MD5
  
  c329355d37d20b2cf9e020b37b691ef1
- SHA1
  
  ddbb1a480cf09065221a3071929ab05b0c50c894
- SHA256
  
  e16197c0c381808c9394686000b7da8b2f16bc2be6fb55e0fa39a6b7d2df19b5
- SHA512
  
  5e65e797ed2920995965e7134cd767eebc74a5a370c280d459132661eef2551b2e1cede03e442070463dfb620418927382a09dffff660d9dc1173ffbbeea856d
- SSDEEP
  
  24576:DPF7sTJtPrK/yPo+IRHG9HqiivlBT2Nm:DUTTOiKBT2Nm
Score

10^/10

darkcomet 2015 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet2015persistencerattrojanupx

behavioral2

darkcomet2015persistencerattrojanupx

© 2018-2024

Terms | Privacy