darkcomet | 26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96 | Triage

Submit
Reports

Overview

overview

Static

static

8

26b3f94f93...96.exe

windows7-x64

26b3f94f93...96.exe

windows10-2004-x64

Sharing

General

Target

26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
Size

500KB
Sample

221125-x97fdsdd6z
MD5

cb33d7a4fc859295229b02ae68616319
SHA1

cf50c142931029523b9d9e324007ddc76854ce1a
SHA256

26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
SHA512

82d0bf6aa5ded0e508a9c8e899fd1e21a117a4123d900a65c30244de2de3cccaa8304dcb288df75da256e29becd83d0f4ad7c828c2f1b3aef53167f962cbc695
SSDEEP

12288:8enj9tNRgj7lKLVajxrzBViuU+EoSK5VmuZvYmbV:jfaBKaRljX5VmIQI

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96.exe

Resource

win7-20220812-en

darkcomet guest16 persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96.exe

Resource

win10v2004-20220812-en

darkcomet guest16 persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

millanman.no-ip.org:200

Mutex

DC_MUTEX-1K6MQ48

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
lBPaol2uFc1q
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
- Size
  
  500KB
- MD5
  
  cb33d7a4fc859295229b02ae68616319
- SHA1
  
  cf50c142931029523b9d9e324007ddc76854ce1a
- SHA256
  
  26b3f94f9365165f82b1ee005a0edd82d2a17736c51929d112b2bc93eda83d96
- SHA512
  
  82d0bf6aa5ded0e508a9c8e899fd1e21a117a4123d900a65c30244de2de3cccaa8304dcb288df75da256e29becd83d0f4ad7c828c2f1b3aef53167f962cbc695
- SSDEEP
  
  12288:8enj9tNRgj7lKLVajxrzBViuU+EoSK5VmuZvYmbV:jfaBKaRljX5VmIQI
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojanupx

behavioral2

darkcometguest16persistencerattrojanupx

© 2018-2024

Terms | Privacy