darkcomet | 4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198 | Triage

Submit
Reports

Overview

overview

Static

static

4389d5af6f...98.exe

windows7-x64

4389d5af6f...98.exe

windows10-2004-x64

Sharing

General

Target

4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
Size

604KB
Sample

221125-cqeaaahb51
MD5

46a36b28a6f07b76ea511a8ae0c2aa3a
SHA1

88de3a8bbeff45b802c5f5b19c7aacf88dd235ed
SHA256

4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
SHA512

65b7b53c93b35b65d803fb4ba67ebae0fd42aafb5a71d7b14888da49286ef6dd9f731b8d033c9f86ef6bdeb1949ac46230ca6da05b3803419813dc134b79e83c
SSDEEP

12288:qDboBfrFT0u7kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk:7Bfr/HiJw7DxD

Score

10^/10

darkcomet repaired persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198.exe

Resource

win7-20221111-en

darkcomet repaired persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198.exe

Resource

win10v2004-20221111-en

darkcomet repaired persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

REPAIRED

C2

susanrosanne.ddns.net:8991

Mutex

DC_MUTEX-MTLJCHX

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
v3RMsCdzjW76
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
- Size
  
  604KB
- MD5
  
  46a36b28a6f07b76ea511a8ae0c2aa3a
- SHA1
  
  88de3a8bbeff45b802c5f5b19c7aacf88dd235ed
- SHA256
  
  4389d5af6fcb92a4b4aa14468339b09ee3bbc5188e568983340380aaa3ed0198
- SHA512
  
  65b7b53c93b35b65d803fb4ba67ebae0fd42aafb5a71d7b14888da49286ef6dd9f731b8d033c9f86ef6bdeb1949ac46230ca6da05b3803419813dc134b79e83c
- SSDEEP
  
  12288:qDboBfrFT0u7kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk:7Bfr/HiJw7DxD
Score

10^/10

darkcomet repaired persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometrepairedpersistencerattrojanupx

behavioral2

darkcometrepairedpersistencerattrojanupx

© 2018-2024

Terms | Privacy