darkcomet | 229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715 | Triage

Submit
Reports

Overview

overview

Static

static

5

229b7afff6...15.exe

windows7-x64

229b7afff6...15.exe

windows10-2004-x64

Sharing

General

Target

229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
Size

2.7MB
Sample

221126-a8bwrsdg4t
MD5

73b640feaa707f1db67d8bbce19cf704
SHA1

ade33c18143d000a08971cd18d8e874284e14a9e
SHA256

229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
SHA512

3209cc9189f92e8161a9b68e0eba3b99f54eb274ad95fd5b97f674713bfad50f3e550dc5ef11b9772d07e28ac8b80003dafe487e43c40595de3aeb0638b53d4b
SSDEEP

49152:rJZoQrbTFZY1iaDRwEYUbN9+qzA7LMD/Cqp+IH8LQaddDkG+d139q4cxpUuas:rtrbTA1BwJUb7lc3MDaqA0T7v8Z

Score

10^/10

darkcomet guest16_min microsoft persistence phishing rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715.exe

Resource

win7-20220901-en

darkcomet guest16_min persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715.exe

Resource

win10v2004-20220812-en

darkcomet guest16_min microsoft persistence phishing rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

iloverats12.no-ip.biz:5468

Mutex

DCMIN_MUTEX-3DXPTA4

Attributes

gencode
ji9E7fZNtWow
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
- Size
  
  2.7MB
- MD5
  
  73b640feaa707f1db67d8bbce19cf704
- SHA1
  
  ade33c18143d000a08971cd18d8e874284e14a9e
- SHA256
  
  229b7afff666947ed7dec8b56c55727571dc42404121005efdfd44e327631715
- SHA512
  
  3209cc9189f92e8161a9b68e0eba3b99f54eb274ad95fd5b97f674713bfad50f3e550dc5ef11b9772d07e28ac8b80003dafe487e43c40595de3aeb0638b53d4b
- SSDEEP
  
  49152:rJZoQrbTFZY1iaDRwEYUbN9+qzA7LMD/Cqp+IH8LQaddDkG+d139q4cxpUuas:rtrbTA1BwJUb7lc3MDaqA0T7v8Z
Score

10^/10

darkcomet guest16_min persistence rat trojan microsoft phishing
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minmicrosoftpersistencephishingrattrojan

© 2018-2024

Terms | Privacy