darkcomet | 2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0 | Triage

Submit
Reports

Overview

overview

Static

static

8

2b5b7b8328...f0.exe

windows7-x64

2b5b7b8328...f0.exe

windows10-2004-x64

Sharing

General

Target

2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0
Size

268KB
Sample

221123-vdttbagg29
MD5

1d11e611f4fb55b6b85caee53c0356e6
SHA1

91168c50d29841330e627f3a52958044ce958488
SHA256

2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0
SHA512

51e9464c41b0cd35005373e3c45c11b82b79758f61a317dcc67b11a282cb1cbebbbecd19a676b6dd53dc2c1a71951a16593b2853826aec0cdab2da60294c2aef
SSDEEP

6144:5ocMD9L6Ro5oso1IwJs3mb6plI/7SCNG:5tMDF6RomTGwJd64uCA

Score

10^/10

darkcomet aspackv2 persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0.exe

Resource

win7-20221111-en

darkcomet persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0.exe

Resource

win10v2004-20221111-en

darkcomet persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0
- Size
  
  268KB
- MD5
  
  1d11e611f4fb55b6b85caee53c0356e6
- SHA1
  
  91168c50d29841330e627f3a52958044ce958488
- SHA256
  
  2b5b7b832883b18cde00583c617be8a5bec1d9f375f937e65ae1d00854c46ef0
- SHA512
  
  51e9464c41b0cd35005373e3c45c11b82b79758f61a317dcc67b11a282cb1cbebbbecd19a676b6dd53dc2c1a71951a16593b2853826aec0cdab2da60294c2aef
- SSDEEP
  
  6144:5ocMD9L6Ro5oso1IwJs3mb6plI/7SCNG:5tMDF6RomTGwJd64uCA
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy